0

I want to allow my webpage to be embedded into (other domains) iframes.

What specific header should I send along with the response from the server?

Is this header needed for all the resources that will be served inside the iframe (images, css,...) or just the first html page served?

Paolo
  • 15,233
  • 27
  • 70
  • 91

1 Answers1

3

You don't need any header to allow content to be shown in a frame.

x-frame-options allows you to restrict access, but framing is allowed if it is absent.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Ahhh.. it is the php framework I'm using that's setting that header to "SAMEORIGIN" and I realized it only now (thanks to you answer). I'll unset with header_remove. Thank you! – Paolo Jan 30 '14 at 12:30