How to allow X-Frame to specific domain

Well, after reading lots of threads, I already know the X-Frame option is set to SAMEORIGIN, hardcoded in

server / lib / private / legacy / response.php.

I tried editing it, and also adding this Nginx directive (I’m using Plesk)

proxy_hide_header X-Frame-Options;
add_header X-Frame-Options "";

and also in my HTTPs directives in Apache, but none of them seem to allow my other domain I’m trying to allow. I’ve also restarted apache and nginx, but I still can’t iframe my media file in the <audio> tag. What’s the correct way to allow a specific domain, or what am I missing?