ocean90/plugin.php

## plugin.php
/**
 * Add a X-XSS-Protection = 0 header for post previews to allow
 * Webkit browsers to render iframe and flash objects.
 * @see: http://core.trac.wordpress.org/ticket/20148
 *
 * @param $headers array  Already added header items.
 * @param $object  WP     The query variables.
 *
 * @return array
 */
function send_no_xss_protection_header( $headers, $object ) {
	if (
		! empty( $object->query_vars['preview'] ) &&
		! empty( $object->query_vars['p'] ) &&
		wp_get_referer() &&
		wp_get_referer() == sprintf( admin_url( 'post.php?post=%d&action=edit' ), $object->query_vars['p'] )
	)
		$headers['X-XSS-Protection'] = 0;


	return $headers;
}
add_filter( 'wp_headers', 'send_no_xss_protection_header', 10, 2 );
	/**
	* Add a X-XSS-Protection = 0 header for post previews to allow
	* Webkit browsers to render iframe and flash objects.
	* @see: http://core.trac.wordpress.org/ticket/20148
	*
	* @param $headers array Already added header items.
	* @param $object WP The query variables.
	*
	* @return array
	*/
	function send_no_xss_protection_header( $headers, $object ) {
	if (
	! empty( $object->query_vars['preview'] ) &&
	! empty( $object->query_vars['p'] ) &&
	wp_get_referer() &&
	wp_get_referer() == sprintf( admin_url( 'post.php?post=%d&action=edit' ), $object->query_vars['p'] )
	)
	$headers['X-XSS-Protection'] = 0;


	return $headers;
	}
	add_filter( 'wp_headers', 'send_no_xss_protection_header', 10, 2 );