Why is it that a lot of them websites have the x-frame-options to deny access from another url?
This stops the possibility of making iframe based browsers.
What do you have to lose by allowing iframes to your site?
You could load gmail or facebook or any other site in an iframe and tell the user to login, but you would intercept his credentials with javascript.
You could load gmail or facebook or any other site in an iframe and tell the user to login, but you would intercept his credentials with javascript.