Frame problems with the Overlay function


A customer of ours is encountering some problems with the overlay function. If you visit the overlay page from Actions -> Entry Pages it doesn’t display the clicks per link. Our customer is reaching the Piwik application on port 8443 (, and the page on which the overlay loads is on port 443 (just https). We did this to hide the admin panel from the whole internet. The PHP pages which aggregate the statistics are available on port 443 ( The rest is on a access list, so no one could easily access the admin panel through it.

We see the following errors occuring in the javascript console (browser).

  1. Invalid ‘X-Frame-Options’ header encountered when loading ‘https://website-url’: ‘ALLOW-FROM’ is not a recognized directive. The header will be ignored.
  2. Uncaught SecurityError: Blocked a frame with origin “” from accessing a frame with origin “”. Protocols, domains, and ports must match.

We see that the application tries to set an header, to fix this issue. But the Google Chrome (44.0.2403.89 (64-bit)) browser isn’t taking it. This is also not working on Firefox 39.

Is this a bug in the Piwik software, or is this normal behaviour?

Thanks for any help.

Yours sincerely,