Twitch Embed Works on Some Sites, Fails on One — What Changed? (X-Frame-Options: SAMEORIGIN Appeared)

au.comeon · April 25, 2025, 10:43am

Hello, community.

I’m running into an issue embedding Twitch’s livestream and clips players on one of the websites I maintain. I develop several sites for streamers, where we host online games and use Twitch iframes to connect gameplay, streamers, and viewers.

Everything has been working fine for years, and the embed code is the same across all the sites—just with different branding, domains, and parent values in the iframe src. But now, on one specific site, the Twitch player suddenly stopped working.

After investigating, I noticed two things happening only on the site where it fails:

The embed request gets a 302 Found redirect to an /embed-error page.
Twitch is returning an X-Frame-Options: SAMEORIGIN header, which prevents the iframe from loading on our domain.

Meanwhile, on the other sites (with similar setup), everything still works fine—no special headers, no redirects.

It seems like Twitch has changed something, maybe related to how it handles the parent parameter or domain verification. Has anyone else run into this recently? Any idea why Twitch might selectively start enforcing these restrictions?

BarryCarlyon · April 25, 2025, 10:43am

Link to page that is broken to help investigate

au.comeon · April 25, 2025, 10:57am

Thanks for the answer.

Sadly, it under authentication and not available for people who didn’t register and it also geo locked.

But here is the code how we embed it on our page.

<iframe title="clip-iframe-336" src="https://clips.twitch.tv/embed?clip=[clip-slug]&parent=www.domain.com&allowfullscreen=false&muted=true&autoplay=true" style="width: 100%; height: 100%;"></iframe>

I also tried to just open this kind of link in browser

This is working fine
https://clips.twitch.tv/embed?allowfullscreen=false&autoplay=true&clip=[clip-slug]&muted=true&parent=www.domain1.com

and this is not
https://clips.twitch.tv/embed?allowfullscreen=false&autoplay=true&clip=[clip-slug]&muted=true&parent=www.domain.com

So it’s definetely connected somehow to exact domain www.domain.com. And im trying to understand why this could happen and what I can do with this and where I should search for info or help.

It worth the mention that it was included like 360px to 200px and sometimes page can contain a clip and couple livestreams (our app starts with catalog where you choose livestream to interact with), so im afraid that Twitch maybe thought that we view farming or something. And player was never hided under any additional interface.

BarryCarlyon · April 25, 2025, 10:58am

Thats likely the problem then.

Which cannot be check/verified if the site is reported as they cannot get into the site to see if the site complies with policy

au.comeon · April 25, 2025, 11:07am

So I can assume that Twitch possible uses this method (X-Frame-Options: SAMEORIGIN) as block for domains, right? Any way to confirm that our domain banned and how to solve this this thing? Some kind of support line I guess?

BarryCarlyon · April 25, 2025, 11:19am

I wouldn’t assume

But I cannot test/verify your page is configured right becase I cannot access it

Not that I know of