buildElementor•hourglass_bottomloading-issuevisibilitypreviewsecurityX-Frame-Optionstext_fieldsheaderpicture_in_pictureiframe•star_halfUncommon•warningModerate

Elementor: Elementor preview is not loading: X-Frame-Options header is set to deny

The X-Frame-Options response header tells browsers whether a page may be displayed inside an iframe. When the header value is DENY the browser blocks any framing attempt, regardless of origin.

Elementor renders the page preview inside an iframe that shares the same domain as the editor. The browser requires the header to be SAMEORIGIN or to be absent. A DENY value stops the iframe from loading, leaving the preview area blank.

Typical sources of a DENY header include server configuration files, security plugins that enforce click‑jacking protection, and WordPress core hooks that add the header for admin screens. Any of these can override Elementor’s need for SAMEORIGIN.

Symptoms

[dashicons-warning]

Blank preview area

The Elementor editor shows an empty gray box where the page should appear.

[dashicons-warning]

Console error

Browser console reports Refused to display … in a frame because X-Frame-Options is DENY.

[dashicons-warning]

Network response

Network tab shows 200 OK but response headers contain X-Frame-Options: DENY.

Common Causes

Server configuration

Apache, Nginx or LiteSpeed adds Header set X-Frame-Options "DENY" in .htaccess or server block.

Security plugin

Wordfence, iThemes Security, Sucuri or similar forces DENY for all requests.

WordPress core hook

send_frame_options_header outputs DENY for admin pages and may be re‑added by custom code.

Need this fixed right now?

Don't waste your day debugging. Our experts can Fix your issues in under 2 hours.*

Success Rate

100% Guaranteed

Starting from

$35 /hour

99+

Trusted by Business Owners

“I spent 3 days trying to fix the Elementor loading loop. These guys fixed it in 20 minutes. Lifesavers!”

— Sarah J., Web Designer

Related Issues

Contact Form 7: REST API request failed: 503 Service Unavailable

A 503 Service Unavailable response stops Contact Form 7 from sending data...

apiREST APIerror503descriptioncontact-form-7

Contact Form 7: REST API request failed: 429 Too Many Requests

The form tries to send data through the WordPress REST API. The...

apiREST APIerrorerrorsecurityfirewalldescriptioncontact-form-7settingsserver_configuration

Contact Form 7: REST API request failed: 401 Unauthorized

The form tries to send data via the WordPress REST API. The...

apiREST APIadmin_panel_settingspermissionsdescriptioncontact-form-7lock401

Contact Form 7: File upload error: temporary directory missing

The error appears when Contact Form 7 cannot locate a writable temporary...

codePHPcloud_offupload erroradmin_panel_settingspermissionsdescriptiontemporary filedescriptioncontact-form-7

Contact Form 7: Mail (2) sending failed: PHP mail() function disabled

Contact Form 7 reports a failure for Mail (2) when the PHP...

codePHPerrorerrordescriptioncontact-form-7mailMailsettingsserver_configuration

Contact Form 7: Mail (2) sending failed: SSL certificate verification failed

Contact Form 7 reports a failure when trying to send the secondary...

errorerrorlocksslcodecURLdescriptioncontact-form-7