Forum Discussion
Inserting multiple values for the same HTTP Header
Per RFC 7034 HTTP Header Field X-Frame-Options:
The header field name is:
X-Frame-Options
There are three different values for the header field. These values
are mutually exclusive; that is, the header field MUST be set to
exactly one of the three values.
I interpret that to mean you can't specify multiple X-Frame-Options headers to achieve a combination of options. My guess is that, even if you did specify multiple X-Frame-Options headers in the response, only one will ever be honored by the browser, and the only question is which one - the first or the second - since they are mutually exclusive.
I'm not an expert but I've seen some articles that indicate you might be able to do this with the Content-Security-Policy frame-ancestors directive, which does support multiple origins.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com