Whether or not to send the X-Frame-Options HTTP header.