X-Frame-Options
cqkisyouq opened this issue · comments
I use it on my other sites iframe
When did you add the following paragraph in the response header ?
X-Frame-Options: SAMEORIGIN
There is no such header in storefront responses.
If you meant this header presence in Platform API requests - it was added to avoid clickjacking. commit.
It is configurable in web.config. You need to understand the risks when changing/removing it.