I load an html file ("file://...") in a web browser: in this file there's an <iframe>. Inside this iframe, I must load some remote content. I know the content I will load is protected by the X-Frame-Options HTTP response header, that can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>.
The question is simple: will the X-Frame-Options HTTP header work even if I load my page locally as a file?
It seems to work fine, I made a little test, then I forgot about this question