It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

Do you know how to fix it?

Explanation

The error "Refused to display 'https://m.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'" means that the Facebook mobile site (m.facebook.com) has security headers configured to prevent itself from being embedded within an iframe on other websites.

Here's a breakdown:

X-Frame-Options: This is an HTTP response header that controls whether a browser should be allowed to render a page in an

<

iframe>. It's a security measure to prevent clickjacking attacks. Clickjacking is when a malicious website overlays a transparent iframe containing another site (like Facebook's login page), tricking the user into interacting with the hidden iframe while thinking they are interacting with the malicious site. 'deny': This specific value of the X-Frame-Options header tells the browser to never display the page in an iframe, regardless of the site trying to embed it. The Problem: You're trying to embed the Facebook mobile site within an iframe on your own website. Facebook's security settings are preventing this. Solutions (none are guaranteed to work, as Facebook could change its policy):

Don't use an iframe for Facebook: This is the most reliable solution. Instead of embedding the entire page, consider using Facebook's official SDKs or APIs to display relevant content (like a Like button, comments section, or a share button). These are designed to work within other websites and are approved by Facebook. This is the recommended approach. Use a different Facebook endpoint (unlikely to work): There might be a different Facebook endpoint or a specific version of their site that doesn't have this restriction. However, this is highly unlikely and not a reliable solution. Facebook actively controls these headers to maintain security. Relying on this is not recommended. Contact Facebook (very unlikely to work): You could contact Facebook and ask them to allow your site to embed their mobile page, but they are very unlikely to make an exception for individual websites. Their security policy is in place for a reason. In summary: The best practice is to avoid embedding m.facebook.com (or any other site that restricts framing) in an iframe and use official Facebook tools to integrate their features. Trying to bypass the X-Frame-Options header is generally a bad idea, as it indicates a potential security vulnerability.

I've reported it through the Facebook "what's not working" route. Suggest others could do that too.

Having the same problem using Iframe code.

As in the post above 'If I change the browser settings to "show desktop site" it works fine.'

This is ugly.

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.