Disable "X-Frame-Options: SAMEORIGIN" http response header for one page
SOLVE
I have a requirement to host a simple (static?) maintenance page for a Microsoft Power Pages site... the details are here: https://learn.microsoft.com/en-us/power-pages/admin/enable-maintenance-mode#considerations-for-custo... ...seems simple but they Power Pages site will load the maintenance page in an iFrame and so requires "X-Frame-Options:SAMEORIGIN" to not be present. By default HubSpot sets an http response header "X-Frame-Options:SAMEORIGIN" when serving all pages.
Can an individual HubSpot page be configured to be served without this http header?
If not, is it perfectly acceptable to add a static html page to HubSpot Files and serve the page from there?
As far as I know, you should not be getting the header "X-Frame-Options:SAMEORIGIN" by default - that is something you would turn on in your domain security settings in order to show up.
However, this setting applies at the domain level, so it cannot be controlled for individual pages.
So you could either turn it off for your domain or, if you need that to be on, you could connect a sub-domain to HubSpot and publish the maintenance page on that sub-domain with the X-Frame-Options header turned off.
Hope this helps!
✔️ Did this post help answer your query? Help the community by marking it as a solution.
As far as I know, you should not be getting the header "X-Frame-Options:SAMEORIGIN" by default - that is something you would turn on in your domain security settings in order to show up.
However, this setting applies at the domain level, so it cannot be controlled for individual pages.
So you could either turn it off for your domain or, if you need that to be on, you could connect a sub-domain to HubSpot and publish the maintenance page on that sub-domain with the X-Frame-Options header turned off.
Hope this helps!
✔️ Did this post help answer your query? Help the community by marking it as a solution.