This solution applies to Ubuntu add_header X- Frame - Options "allow-from https://*.sample.com http://*.sample.com" ; add_header Content - Security - Policy "frame-ancestors https://*.sample.com http://*.sample.com" ; Click here to read my post of StackOverFlow Visit me