There is a website, with iframe. I frame source is correct, but won’t display content of the website. No visible errors. There only small detail in the console:
Load denied by X-Frame-Options: https://... does not permit cross-origin framing.
Some crazy admin figure out that it’s going to be better… and put some crazy code into headers:
X-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniff
Solution: talk to the hand, because admin won’t listen ;P