Facebook Canvas Not loading Url Even if it has SSL
I was trying to do some sample facebook canvas application,
I have created the app in Facebook developer and created new platform in side facebook canvas.
SO I opened the app page which is not loading the data
But If I use other https websites means It will load for ex. https://eatwater.co.uk
X-Frame-Options is a relatively new web feature that prevents malicious attacks like framesniffing or clickjacking. New development frameworks such as MVC5 provide out of the box support for this. If the X-FrameOptions response header is set to SAMEORIGIN it means the page can only be included in an iframe in a web site that is in the same domain with the requested page.
other options are:
DENY: no page can use the requested page as an iframe. ALLOW-FROM: http://www.example.com: only allows from the example.com domain. have in mind though this is not supported in chrome and safari browsers.
So to answer your question, the sites you are including in your canvas app are requested by apps.facebook.com to fill an iframe, and the browser blocks the request because these sites' configuration is set to SAMEORIGIN.
take a look at this blog post.