Change restrictive defaut header of Apache ??


I encounter a specific issue with a new customen doing lot of photo works that are included in other websites with Iframe ! Since customer moved to my server none of these iframes can load on remote website due my apache blocking cross-loading of files ! I looked at all config files of apache in virtualmin but is unable to find any directive relative to that ! Anyone would know where it is setup ? I’m running Apache 2.4.18 on Ubuntu 16.04.
I tried already to do in virtual webserver config file but it looks like default apache is passing above individual directives :frowning:



Hum I discovered using the web console in firefox that in fact directives I added in virtualhost of my customer is not used as Apache send first this directive:

X-Frame-Options : « SAMEORIGIN »

Any ideas where it’s setup in Apache as I’m unable to find something like that in config files of Apache in virtualmin :frowning: