Apache on Mac OS X is configured with security in mind. Apple has chosen to ship it with a setting that causes the x-frame-options header to be sent, which has the effect of causing content hosted on a Mac OS X server to not show up inside and iframe on another site.

Well-written web apps (like WordPress) already send the x-frame-options header. My personal preference is to turn this off globally and then ensure that my web apps send it as needed.

Here’s how to disable it:
Continue reading →