One of our websites (demo.nopcommerce.com) works just fine.
But when I reference it in “iframe” from some other website (other subdomain of the same website) and try to open, then sometimes it works fine, but sometimes I’m getting the following error - “Refused to display ‘hyperlink to website’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.”
Please note that it happens only sometimes. We also explicitly return “sameorigin” value from our website as described - https://stackoverflow.com/questions/16484293/adding-x-frame-options-header-to-all-pages-in-mvc-4-application/22105445#22105445
I presume that it’s somehow related to CloudFlare. Does CloudFlare change ‘X-Frame-Options’ value? Can it be configured somewhere in CloudFlare?