X-Frame-Options for Outlook Web Add-Ins

Question

I\'m working on an Outlook Web Add-In and I\'m struggling with knowing what value to set for the X-Frame-Options: ALLOW-FROM header. As far as I know, users ma

Answer 1

The add-in needs to be able to run in an iFrame in order to work in Outlook Web, thus X-Frame-Options header should not be included at all. ALLOW-FROM can't really be used because the number of domains to list is way more than 3 mentioned, and that list is growing – there are many cases where various users access Office365 and outlook.com using custom domains.