X-frame-options set to "DENY" means that clickjacking defense is enabled on your server. This is only turned on for pages on Tableau Server that aren't views. (Think the Projects page, or Admin views, or Users pages).
Does the url you are loading in the iframe belong to one of these pages? Or to a view that is published on Tableau Server?
Here's some more info on this topic:
The x-frame options setting comes from a server - note that it can be your tableau server, or in the case of an embedded view, also from the server which is hosting the webpage into which the Tableau view is embedded, so you may have more than one place to look. The when the Tableau wgserver clickjack setting is enabled (
Hope that helps...
Hi! Im facing the same error that OP.
Refused to display 'https://sso.online.tableau.com/public/login' in a frame because it set 'X-Frame-Options' to 'DENY'
He doesn't specify but my server is in Tableau Online, so how can I set off the clickjacking ? I read somewhere that editing the '#' character in the URL you could set that but didn't work for me.
I also faced similar issue. Mine got resolved when i used the parameter along with the URL parameter - "?:embed=yes"
This should resolve the problem