Which HTTP headers to use for subdomain embedding?


I have a WordPress site hosted on LightSail (which uses bitnami). The domain is https://example.com
On a subdomain https://sub.example.com I have another server running. On this server, I want to embed a page from the main domain https://example.com/a-page. Currently, I am getting errors that permission is denied.

I have updated the htaccess file like so:

Header set X-Frame-Options "ALLOW-FROM https://*.example.com"
Header set Content-Security-Policy "frame-ancestors 'self' https: *.example.com"
Header set Referrer-Policy "strict-origin-when-cross-origin"

But the headers don’t seem to updating or allowing any iframe embeds. I’m not very well-versed on HTTP Headers so apologies if this is a rather silly question.


nbz 2 months 0 Answers 16 views 0

Leave an answer