Nothing will unset X-Frame-Options (Apache, PHP 5.3)

Consider the following experiment:

Header always set X-Frame-Options "DENY"
Header unset X-Frame-Options
Header set set X-Frame-Options "TEST"

response headers:

X-Frame-Options "DENY"
X-Frame-Options "TEST"

Second experiment:

Header set X-Frame-Options "DENY"
Header unset X-Frame-Options
Header set set X-Frame-Options "TEST"

response headers:

X-Frame-Options "TEST"

Conclusion: the always option blocks the original value from being unset, however it doesn't block from adding a new value.

X-Frame-Options was forced in by ssl.conf.

Commenting out and restarting Apache allowed .htaccess and PHP header management to work again.

Related