On all my browsers Firefox, Chrome + Chrome Mobile, Edge and IE the embedded Opt Out iFrame is not working…it´s only white space.
Other iFrames from different sources are working fine.
Piwik Script is getting integrated into my website with Haeder-Footer-Plugin…works fine.
I don´t want to use more Plugins like "WP-Matomo (WP-Piwik) + Matomo web analytics application.
Any solution for that?
Can you check if the
<iframe> has a propper closing
The latest version has a bug where it is missing, which may causes your issue.
It has already been solved and will be included in the next release.
Actually the code given by the code generator did not had a proper closing…I added it manually.
I closed it with :
<iframe style="border: 0; height: 200px; width: 600px;" src="https://piwik.website.de/index.php?module=CoreAdminHome&action=optOut&language=de&backgroundColor=ffffff&fontColor=ff0000&fontSize=17px&fontFamily=Hind" width="300" height="150"></iframe>
Adding for example a youtube iFrame works fine!
But even with the propper closing tag it is not working!
Can you maybe send me an link to the page. I can’t think of a reason at the moment.
It should be visible here:
You are using a JS library which tries to lazy-load the iframe (I think).
But this isn’t the issue.
Your Matomo instance is sending
X-Frame-Options: sameorigin (You probably added it once in your webserver config together with the
XSS-Headers. But as the Website and the Matomo instance are not on the same origin (different domains), the website isn’t allowed to embed the iFrame.
So you’ll need to change the header.
Oh and please don’t use
X-Frame-Options because it is unflexibel. Instead use a proper CSP like this:
Header always append Content-Security-Policy: "frame-ancestors 'self' *.golfball-uhu.de"
Hmmm is there an manual how to do that!?
I have no idea what this X-Frames-Options are!???
This header is most likely set in a .htaccess file or the apache vhost. Do you have shell access to your document root?
How did I do that??? No idea
As I said, the Piwik Code is added with the Header-Footer-Plugin…that´s it. Piwik is installed in the database of the main domain
and is getting used for
FTP-access…that´s what I have…shell???
So, no is the correct answer.
As you have only ftp access, your sites are hosted by a shared hoster?
Than please write a support ticket (if possible) asking your hoster to replace the
X-Frame-Origin: sameorigin header with
Content-Security-Policy: "frame-ancestors 'self' *.golfball-uhu.de" for your domain
How do I get a support ticket? I´m new here
A support ticket to your hoster