
Make 1 exception on X-Frame-Options SAMEORIGIN


I use Header set X-Frame-Options SAMEORIGIN in .htaccess

But I would like to have 1 HTML page that isn't blocked when shown in an iframe on other websites.

How can I make 1 exception?


Solution

  • The Header directive provides an additional argument that allows you to set the header conditionally based on whether an environment variable is set or not.

    You could then set an env var when this one URL is requested. And only allow the header to be set when the env var is not set.

    For example:

    SetEnvIf Request_URI "^/one-page-not-blocked\.html$" DO_NOT_BLOCK
    
    Header set X-Frame-Options SAMEORIGIN env=!DO_NOT_BLOCK
    

    The above SetEnvIf directive sets the env var DO_NOT_BLOCK to the value 1 when the regex matches the requested URL.

    The env=!DO_NOT_BLOCK argument is successful when the env var is not set (denoted by the ! prefix).

    This method allows you to add additional URLs to not block by simply adding more SetEnvIf directives.
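Added example, not part of the original answer: a small Python model of the two directives above, used to audit which request paths a SetEnvIf pattern leaves without X-Frame-Options. It shows why the anchors and the escaped dot in the answer's regex matter. The function names and sample paths are constructed for illustration, and Python's `re` stands in for Apache's regex engine; the model assumes Request_URI is matched without the query string, as mod_setenvif documents.

```python
import re

# Pattern copied from the answer's SetEnvIf line.
EXEMPT_PATTERNS = [r"^/one-page-not-blocked\.html$"]

def request_uri(request_target):
    """SetEnvIf Request_URI sees the path without the query string."""
    return request_target.split("?", 1)[0]

def response_headers(request_target, patterns=EXEMPT_PATTERNS):
    """Model of the two directives: SetEnvIf sets DO_NOT_BLOCK on a match,
    and Header ... env=!DO_NOT_BLOCK adds the header only when it is unset."""
    env = {}
    uri = request_uri(request_target)
    for pattern in patterns:
        if re.search(pattern, uri):  # regex search, so anchors must be explicit
            env["DO_NOT_BLOCK"] = "1"
    headers = {}
    if "DO_NOT_BLOCK" not in env:
        headers["X-Frame-Options"] = "SAMEORIGIN"
    return headers

def frameable(paths, patterns=EXEMPT_PATTERNS):
    """Return the paths that would be served without X-Frame-Options."""
    return [p for p in paths
            if "X-Frame-Options" not in response_headers(p, patterns)]

SAMPLE_PATHS = [  # constructed sample request targets
    "/one-page-not-blocked.html",
    "/one-page-not-blocked.html?ref=partner",
    "/admin/one-page-not-blocked.html",
    "/one-page-not-blocked.html.bak",
    "/one-page-not-blockedXhtml",
    "/login.html",
]

if __name__ == "__main__":
    print("answer's pattern:", frameable(SAMPLE_PATHS))
    # Same pattern with the anchors and the escaped dot removed, for comparison.
    print("loose pattern:   ", frameable(SAMPLE_PATHS, [r"/one-page-not-blocked.html"]))
```

With the answer's anchored pattern only the intended page (with or without a query string) loses the header; the loose variant also exempts the other look-alike paths, so each added SetEnvIf pattern is worth checking this way before deployment.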