KJV Bible Search Plugin — Iframe Setup Guide

Why You Are Seeing the Iframe Error

If the KJV Bible Search plugin shows a message saying the iframe could not load, your website is blocking external iframes.

This is caused by a security header added by:

• your theme
• your hosting provider
• a firewall or WAF
• a CDN (Cloudflare, Sucuri, etc.)
• a security or performance plugin
• custom .htaccess rules
• custom Content-Security-Policy (CSP) rules

This behaviour is very common and is enforced by the browser for security reasons.

What Is Blocking the Iframe?

Your site is sending one of these headers in the HTTP response:

X-Frame-Options: SAMEORIGIN

or:

Content-Security-Policy: frame-ancestors 'self'

These headers tell the browser:

Because the KJV Bible Search engine loads from https://kjvbiblesearch.net/, the browser blocks it when these headers are present.

How to Fix the Issue (Universal Instructions)

You only need to remove or adjust one of the blocking headers below.

1. Remove X-Frame-Options

Look for this header in any of these places:

• .htaccess file
• server or hosting control panel
• security plugin settings
• firewall / WAF configuration

Remove any line like:

Header set X-Frame-Options "SAMEORIGIN"
Header set X-Frame-Options "DENY"

If your host injects it automatically, you can override it with:

Header always unset X-Frame-Options

2. Adjust Content-Security-Policy (CSP)

If your site uses CSP and you see something like:

Content-Security-Policy: frame-ancestors 'self'

Change the frame-ancestors directive to allow embedding, for example:

Content-Security-Policy: frame-ancestors *;

This tells the browser that any site is allowed to embed your pages in an iframe.

3. Check Security Plugins

In any security or hardening plugin, look for options such as:

• “Block external iframes”
• “Clickjacking protection”
• “Add X-Frame-Options header”
• “Enforce CSP / frame-ancestors”

Disable those options or remove the iframe-related rules.

4. Check Theme Settings

Some themes include security header options. Look in your theme or theme options panel for:

• Security headers
• Clickjacking protection
• CSP / Content-Security-Policy
• X-Frame-Options

Disable or remove any setting that restricts iframe embedding.

5. Check Hosting, CDN, or Firewall

If you use a CDN or firewall (for example Cloudflare, Sucuri, or a host-level WAF):

• Disable “clickjacking protection” or “frame protection”
• Disable automatic X-Frame-Options injection
• Remove CSP rules that include frame-ancestors 'self'

Why a Plugin Cannot Bypass This

Browsers enforce iframe security before WordPress, PHP, themes, or plugins run.

This means:

• No WordPress plugin can override these headers
• No theme can override them
• No JavaScript or shortcode can bypass them

Only your server, hosting, CDN, firewall, or security configuration can allow the iframe to load. This is the same model used by platforms like YouTube, Stripe, Calendly, Google Maps, PayPal, and Vimeo.

After You Apply the Fix

Once the blocking header is removed or adjusted:

• The iframe will load normally
• The KJV Bible Search engine will appear inside your page
• The [kjv_bible_search] shortcode will work on any page or post
• No further configuration is required in the plugin itself

Need Help from Your Host?

If you are unsure where these headers are coming from, you can contact your hosting provider and send them this message:

“Please remove or disable any X-Frame-Options or Content-Security-Policy frame-ancestors restrictions that prevent my WordPress site from displaying external iframes, so that the KJV Bible Search iframe from https://kjvbiblesearch.net/ can load correctly.”
        

Your host or server administrator will understand this request and can adjust the configuration for you.