OptOut iFrame not working...white space

On all my browsers Firefox, Chrome + Chrome Mobile, Edge and IE the embedded Opt Out iFrame is not working…it´s only white space.

Other iFrames from different sources are working fine.

Piwik Script is getting integrated into my website with Haeder-Footer-Plugin…works fine.

I don´t want to use more Plugins like "WP-Matomo (WP-Piwik) + Matomo web analytics application.

Any solution for that?

Best Regards


Can you check if the <iframe> has a propper closing </iframe> tag?

The latest version has a bug where it is missing, which may causes your issue.

It has already been solved and will be included in the next release.

Actually the code given by the code generator did not had a proper closing…I added it manually.

1 Like

I closed it with : </iframe>

<iframe style="border: 0; height: 200px; width: 600px;" src="https://piwik.website.de/index.php?module=CoreAdminHome&amp;action=optOut&amp;language=de&amp;backgroundColor=ffffff&amp;fontColor=ff0000&amp;fontSize=17px&amp;fontFamily=Hind" width="300" height="150"></iframe>

Adding for example a youtube iFrame works fine!

But even with the propper closing tag it is not working!


Can you maybe send me an link to the page. I can’t think of a reason at the moment.

It should be visible here:


You are using a JS library which tries to lazy-load the iframe (I think).

But this isn’t the issue.

Your Matomo instance is sending X-Frame-Options: sameorigin (You probably added it once in your webserver config together with the XSS-Headers. But as the Website and the Matomo instance are not on the same origin (different domains), the website isn’t allowed to embed the iFrame.

So you’ll need to change the header.

Oh and please don’t use X-Frame-Options because it is unflexibel. Instead use a proper CSP like this:
Header always append Content-Security-Policy: "frame-ancestors 'self' *.golfball-uhu.de"

Hmmm is there an manual how to do that!?

I have no idea what this X-Frames-Options are!???

This header is most likely set in a .htaccess file or the apache vhost. Do you have shell access to your document root?

How did I do that??? No idea :thinking:

As I said, the Piwik Code is added with the Header-Footer-Plugin…that´s it. Piwik is installed in the database of the main domain

and is getting used for


FTP-access…that´s what I have…shell???

So, no is the correct answer.

As you have only ftp access, your sites are hosted by a shared hoster?

yes :grinning: exactly

Than please write a support ticket (if possible) asking your hoster to replace the X-Frame-Origin: sameorigin header with Content-Security-Policy: "frame-ancestors 'self' *.golfball-uhu.de" for your domain piwik.golfball-uhu.de.

1 Like

How do I get a support ticket? I´m new here

A support ticket to your hoster :wink: