I want to allow my website to be iframed by other websites so I try to set the X-Frame-Option to ALLOWALL
I did it by editing the .htaccess file and also the web.config file
.htaccess
Header always append X-Frame-Options ALLOWALL
web.config
<httpProtocol> <customHeaders> <add name="X-Frame-Options" value="ALLOWALL" /> </customHeaders> </httpProtocol>
Still, i get this error…
Multiple ‘X-Frame-Options’ headers with conflicting values (‘ALLOWALL, SAMEORIGIN’) encountered when loading "…’. Falling back to ‘DENY’.
It seems that something sets this X-Frame-Option to be SAMEORIGIN.
How can I override it?
Thanks in advanced guy!