Server settings for successful embedding in the proctoring frame
This article explains what needs to be configured on the LMS or platform side to ensure that the exam content opens correctly inside the proctoring window.
When an exam or task page is opened inside the Constructor Proctor interface, the LMS or testing platform must allow its content to be displayed in an iframe.
If the server blocks embedding (for example, with restrictive security headers), the exam window will not load and the browser will show an error message such as “Refused to display in a frame”.
1. Why this matters
Constructor Proctor displays the test content from your LMS or assessment system inside a secure frame.
If your platform sends restrictive security headers such as X-Frame-Options: SAMEORIGIN or X-Frame-Options: DENY, the browser automatically blocks the page from being shown inside another system.
In this case, learners see an empty screen or an error instead of the exam.
Correct configuration allows the page to be displayed only inside the Constructor Proctor environment while keeping other sites blocked.
2. Recommended configuration
To make your LMS or test platform compatible with proctoring, it must allow its pages to be opened inside the Constructor Proctor frame.
The recommended way to control this behavior is to use the Content-Security-Policy (CSP) header with the directive frame-ancestors.
This directive defines which external systems are allowed to embed your content.
The list of allowed domains should include the Constructor Proctor domain that your organization uses.
If your server configuration still contains the older header X-Frame-Options, it should be disabled or removed.
This header is outdated and prevents embedding from any domain other than your own, which makes it incompatible with proctoring.
3. How to update server settings
Ask your system administrator to check how the web server sends security headers.
If X-Frame-Options is present, it must be removed.
Instead, add a Content-Security-Policy header that allows Constructor Proctor to display the content.
In practice this means allowing the domain used by Constructor Proctor in your organization (for example, the one provided by your integration manager).
No other changes are required.
4. Cookie settings for LMS with user sessions
Some LMS platforms, such as Canvas, rely on cookies to keep users signed in.
If your platform uses cookies, they must support cross-site access, because the LMS page is loaded inside a frame that belongs to a different site.
To ensure this, cookies should include the attributes SameSite=None and Secure.
Without them, learners may be logged out or lose access when the exam is launched inside the proctoring frame.
Your administrator can verify these attributes in the platform’s configuration or in the browser’s developer tools.
5. Summary
To allow your exams to open correctly inside the Constructor Proctor window:
- Remove or disable the X-Frame-Options header.
- Add a Content-Security-Policy header with the directive frame-ancestors that includes your Constructor Proctor domain.
- Make sure cookies (if used for authentication) have the attributes SameSite=None and Secure.
If your users still see a blocked frame or an error, check the browser console for messages mentioning “X-Frame-Options” or “CSP” and contact your Constructor integration manager with a copy of the error message and your server’s response headers.
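One way to audit a set of response headers against the three requirements above, as an added example that is not part of the original article or of Constructor's own tooling. The origin https://proctor.example.com is a placeholder for the domain your integration manager provides, the sample responses are constructed, and the check matches only origins listed exactly in frame-ancestors (no host wildcards).

```python
PROCTOR_ORIGIN = "https://proctor.example.com"  # placeholder (assumption)

def frame_ancestors(headers):
    """Return one source list per CSP policy that contains frame-ancestors."""
    lists = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy in value.split(","):  # one header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    lists.append([t.lower() for t in tokens[1:]])
                    break  # only the first occurrence in a policy counts
    return lists

def audit(headers, proctor_origin=PROCTOR_ORIGIN):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    findings = []
    if any(n.lower() == "x-frame-options" for n, _ in headers):
        findings.append("X-Frame-Options is still sent")
    lists = frame_ancestors(headers)
    if not lists:
        findings.append("no CSP frame-ancestors directive")
    for sources in lists:  # every policy must allow the embedding origin
        if "*" in sources:
            findings.append("frame-ancestors allows any site")
        elif proctor_origin.lower() not in sources:
            findings.append("frame-ancestors omits " + proctor_origin)
    for name, value in headers:  # all cookies are checked; decide which matter
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {k.strip().lower(): v.strip().lower()
                 for k, _, v in (p.partition("=") for p in parts[1:])}
        if attrs.get("samesite") != "none" or "secure" not in attrs:
            cookie = parts[0].split("=", 1)[0]
            findings.append(f"cookie {cookie} lacks SameSite=None; Secure")
    return findings

# Constructed sample responses (not captured from a real LMS).
BLOCKED = [("X-Frame-Options", "SAMEORIGIN"),
           ("Content-Security-Policy", "default-src 'self'"),
           ("Set-Cookie", "session=abc123; Path=/; HttpOnly; SameSite=Lax")]
FIXED = [("Content-Security-Policy",
          "default-src 'self'; frame-ancestors 'self' " + PROCTOR_ORIGIN),
         ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=None")]

if __name__ == "__main__":
    for label, hdrs in (("blocked", BLOCKED), ("fixed", FIXED)):
        print(label, audit(hdrs) or "OK")
```

Paste the header pairs from the browser's network panel or from your server's response to run the same check on a real exam page.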