I want to temporarily remove X-Frame-Options: SAMEORIGIN and need to allow all domains.

I have already tried the following ways.

1. Removing send_frame_options_header from ./wp-includes/default-filters.php

2. remove_action('login_init', 'send_frame_options_header');

3. Removing @header( ‘X-Frame-Options: SAMEORIGIN’ ); from /wp-includes/functions.php

None of the above doesn't work.

PS: I don't use any security plugin either.

I want to temporarily remove X-Frame-Options: SAMEORIGIN and need to allow all domains.

I have already tried the following ways.

1. Removing send_frame_options_header from ./wp-includes/default-filters.php

2. remove_action('login_init', 'send_frame_options_header');

3. Removing @header( ‘X-Frame-Options: SAMEORIGIN’ ); from /wp-includes/functions.php

None of the above doesn't work.

PS: I don't use any security plugin either.

• filters
• headers
• core
• core-modifications

Share Improve this question asked Oct 20, 2019 at 5:15 RanukaRanuka 1,79433 gold badges1818 silver badges3131 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 6

Check this question How does wordpress restrict X-FRAME to sameorigin?.

The questioner's issue was resolved by modifying his site's .htaccess file by adding the below line to it as his Web Host set the X-Frame-Option.

Header always unset X-Frame-Options

You can check if that works for you.