Drupal 7 blocks external frame due to X-Frame-Options

As documented (https://www.drupal.org/node/2735873) Drupal comunity removed the possibility to embedd a Drupal site into an external frame to avoid clickjacking.

The problem

Basically you can not put an external Drupal website into an iFrame anymore, if you try to embedd a website with X-Frame-Options restrictions you will get a browser console error stating something like this

because it set ‘X-Frame-Options’ to ‘sameorigin’

This behavior is obtained in drupal_deliver_html_page (in common.inc) in which it is checked what I show you below:

// By default, do not allow the site to be rendered in an iframe on another
// domain, but provide a variable to override this. If the code running for
// this page request already set the X-Frame-Options header earlier, don't
// overwrite it here.
$frame_options = variable_get('x_frame_options', 'SAMEORIGIN');
if ($frame_options && is_null(drupal_get_http_header('X-Frame-Options'))) {
  drupal_add_http_header('X-Frame-Options', $frame_options);

To see your Drupal website displayed into a frame of an external website you must change X-Frame-Options (or remove it).

The solution

Although Drupal documentation (https://www.drupal.org/node/2735873) explains that you can remove the X-Frame-Options header via the page_alter, I discovered that under certain conditions this strategy does not work at all.

In my case I was able to surf the site from a Frame only if I was logged in with an active session.

To achieve a better solution, my suggestion is to modify the Drupal variable x_frame_options before the drupal_deliver_html_page is called.
I did this (and it works like charme) via page_delivery_callback_alter, where I set the variable to FALSE under certain satisfited conditions (i.e. the page is requested from a whitelist domain).

function MYMODULENAME_page_delivery_callback_alter(&$delivery_callback) {
  $domains = variable_get('ur_com_xframe_allowed',array('http://www.myalloweddomain.xxx/'));
  //removing frameset limitation for certain referrers
    //setting the variable to false in order to avoid a future setting of the header
    variable_set('x_frame_options', FALSE);
  } else {
    //default behavior
    variable_set('x_frame_options', 'SAMEORIGIN');

Hope this help.