I have added an X-FRAME-OPTION header to my .htaccess to prevent issues with click jacking.
<IfModule mod_headers.c> Header append X-Frame-Options "SAMEORIGIN" </IfModule>
Now I am required to allow a certain route to be accessible via an iframe from outside domains. I'm using PHP and have tried overwriting the X-frame-option header via:
However it appears that the X-frame-option is not being overwritten but is instead being re-appended as per the following browser error (Chrome):
Multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, SAMEORIGIN') encountered when loading 'https://foo.com/baz/1'. Falling back to 'DENY'.
How do you go about overwriting the x-frame-options for certain pages?