X-Frame-Options header is not a recognized directive

allow-from is 'obsolete'. You can use the Content-Security-Policy header instead:

header('Content-Security-Policy: frame-ancestors https://example.com');

To come back to this post. Unfortunatly I found the problem. Chrome does not support this option, therefore Chrome gives me the error that the iframe redirected me to many times.

However the option works on Firefox (More information here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).