When using Laravel Forge, the service helpfully sets up a strong, secure NGINX file for you. This is very helpful, however it does add some interesting headers that stop the website being embedded into an iframe.
This may be desirable, but if not you'll need to comment out this one line in the NGINX configuration file. This can quickly be done within the Forge interface, and the service will restart NGINX automatically.
#add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff";