Disclaimer: I posted this question in Server Fault first. One of the users there suggested SO instead. So here I am.
Firefox 3.6.10 on the same machine does.
When I try to display a page from Domain A using an iFrame in Domain B, Firefox displays an empty page. Chrome displays the page from Domain A even though it is not supposed to.
From what I could find by Googling Chrome is supposed to honor this header and behave accordingly. Am I missing something?
My Apache config says:
# I set an exception for one specific page.
# But otherwise that page is not involved in the scenario I described above.
SetEnvIf Request_URI "^/widgets/foo.html$" iframes_allowed
Header set X-Frame-Options SAMEORIGIN env=!iframes_allowed