Probably you should drop using X-Frame-Options in favour of the more
compatible and up to date "Access-Control-Allow-Origin" header:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
And for extra fine grained permissions then CSP (although keeping an
eye on
Hi,
I have been using the following successfully in HTTPD config for some time:
Header always set X-Frame-Options SAMEORIGIN
The SAMEORIGIN is required for our use but now I am getting a request to
allow X-Frame-Options to include specific URL's, say:
https://example1.com
https://example2.com
