I created VF page (or also to see the VF page inside a lightning component).
I added an apex iframe with src="https://www.salesforce.com/de/" (or any other source) from salesforce apex iframe guide.
<apex:iframe src="http://www.salesforce.com" scrolling="true" id="theIframe"/>
I also did Uncheck the Clickjack protection from this SO question-answer and some other posts and also added the website url to the Whitelisted Domains for VF inline frames.
Setup > Security Controls > Session Settings
I also added the website url to the CSP trusted sites.
However, I am still getting the error :-
Refused to display 'https://www.salesforce.com/de/?ir=1' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Could someone please suggest a Solution OR any ideas?
My VF page looks like :-
<apex:page docType="html-5.0" sidebar="false" showHeader="false" standardStylesheets="false">
<html xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" lang="en" style="height: 100%;">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<title>Iframe page</title>
<style type="text/css" >
</style>
</head>
<body>
<apex:iframe src="http://www.salesforce.com" scrolling="true" id="theIframe"/>
</body>
</html>
Or just a normal VF page
<apex:page sidebar="false" showHeader="false" standardStylesheets="false">
<body>
<apex:iframe src="http://www.salesforce.com" scrolling="true" id="theIframe"/>
</body>
Best Answer
I faced the same problem so I did contact the salesforce and the resolution suggested by Salesforce is to add the following tags to the apex:page showHeader="false" standardStylesheets="false" sidebar="false" applyHtmlTag="false" applyBodyTag="false" docType="html-5.0"