Which HTTP headers to use for subdomain embedding?
I have a WordPress site hosted on LightSail (which uses bitnami). The domain is
On a subdomain
https://sub.example.com I have another server running. On this server, I want to embed a page from the main domain
https://example.com/a-page. Currently, I am getting errors that permission is denied.
I have updated the htaccess file like so:
Header set X-Frame-Options "ALLOW-FROM https://*.example.com" Header set Content-Security-Policy "frame-ancestors 'self' https: *.example.com" Header set Referrer-Policy "strict-origin-when-cross-origin"
But the headers don’t seem to updating or allowing any iframe embeds. I’m not very well-versed on HTTP Headers so apologies if this is a rather silly question.