How to check if iframe embedding is allowed

1. Open the client’s exam site in a browser.

2. Press F12 to open Developer Tools.

3. Go to the "Network" tab and filter by "Doc."

4. Select the main document and inspect the response headers.

Headers to review:

• X-Frame-Options:

  • DENY –  Not embeddable

  • SAMEORIGIN –  Only same-origin embedding

  • Missing – Embedding allowed

• Content-Security-Policy:

  • frame-ancestors 'none' – Not embeddable

  • frame-ancestors 'self' – Only same-origin

  • frame-ancestors https://web.proctor.constructor.app –  Embeddable from our app

Note: ALLOW-FROM in X-Frame-Options is deprecated and ignored by modern browsers.