I have IIS configured to display the qvplugin and it's working fine, recently I noticed that the X-Frame-Options in the HTTP Response Headers was set to ALLOW, Now I'm asked to change its value to SAMEORIGIN due to security reasons. When doing this, the plugin is not opened as expected, instead I get thisn error:
"To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame."
Why is this happening? I think SAMEORIGIN should be enough. Could someone give me some more explanation in this?