Django contains clickjacking protection in the form of the X-Frame-Options middleware which in a supporting browser can prevent a site from being rendered inside a frame . It is possible to disable the protection on a per view basis or to configure the exact header value sent.