External website refused to connect in an iFrame in Confluence
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When embedding an external website within the Confluence page in an <iframe/>, the website doesn’t load and display below in iFrame
example.website.com refused to connect.Environment
- Confluence Server and Data Center
Diagnostic Steps
- Create a Page in Confluence
Embed the website in iFrame using the HTML Include macro. Reference: How to put an iFrame into Confluence
<iframe src="https://example.website.com/" noborder="0" width="830" height="800" scrolling="yes" seamless></iframe>- The Preview of the website fails with the error example.website.com refused to connect
- Review the console in the browser with Developer Tools (Ctrl+Shift+i)
- In the Developer Console of your browser, check the Network logs (where all request/respond flows are listed), please check X-Frame-Options in the response headers of the relevant request for the external website. If it is displayed as DENY, the page can't be displayed in a frame
Other than checking the network logs, the below URL can also be used to validate the X-Frame-Options header options on the WebServer-
Cause
As we can see from the X-Frame-Options - HTTP - MDN article:
DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.
.
.
If you specify DENY, not only will attempts to load the page in a frame fail when loaded from other sites, attempts to do so will fail when loaded from the same site.
Resolution
Unless the website owners change the X-Frame-Options header, the website cannot embed inside of an iframe element.