Add x-frame sameorigin header
Hey there, for security reasons I recommed adding following headers by default:
X-Frame-Options: SAMEORIGIN
No customers need to include their websites via iframe on another domain. If needed they can overwrite this header in their htaccess-file or via php/html.
PS: The apache/nginx-header module must be loaded. I think after implementing #4388 (closed), this would happen by default :-)