We strongly recommend using the frame-ancestors directive from the official Content Security Policy (CSP) Level 2 specification instead of using the unofficial X-FRAME-OPTIONS header.
If switching to CSP is not an option, you can still use the Pendo in-app designer one of two ways:
* Note that the browser plugins below were created by third-parties. Pendo does not own or maintain either of the extensions listed below.
Updating ALLOW-FROM Value
Since X-FRAME-OPTIONS is not an official standard, there are various implementations which may not support this value. We tested this on Firefox 43.
You must specify the app.pendo.io URI. Note you can only include one URI per ALLOW-FROM separated by semi-colon.
X-Frame-Options: ALLOW-FROM https://app.pendo.io