Thanks for the info.
SAMEORIGIN won’t work for me.
I need the ALLOW-FROM uri… which I’ve tried.
Still get x-frame-option problem… but, I’m doing it from htaccess.
I can try and get my server people to put the ALLOW-FROM directive on Apache, so there is no conflict and I won’t need htaccess. What I discovered as I was about to do that is that ALLOW-FROM only allows for 1 URL. I have about 25 customers I need to get this to work for.