Can x-frame-options be used to allow specific websites to access content via iframe?

Question

Sites will often set x-frame-options response header to SAMEORIGIN to stop other sites from including their content within an iframe.

I want to know if x-frame-options or any method at all can be used to stop non-affiliated sites from displaying the content while allowing partnered or affiliated sites to do so.

Answer 1

Of course you can.

Use ALLOW-FROM uri.

Read more on this at MDN