There is some discussion about this in the past and the answer was that were working on a way for you to remove a header, and then it was implied that it was in the next version. But Ill be darned if I can figure out how to clear this header. I have an app that specifically needs to be able to be embedded into a cross domain iFrame but currently cannot make that work because the X-Frame-Origin is set to SAMEORIGIN.
I tried catching the hit in app.HandleURL, using the webRequest.header and setting the entry for X-Frame-Origin to an empty string and then returning false so the regular handling of the request would continue. That didnt work. I experimented with the session.prepareSession but there is nothing in the header string being passed there at all and my adding anything to it doesnt seem to do anything.
How can I turn off that header?