When you try to open the Appinv.aspx page in an iFrame, the page isn't successfully displayed. When this issue occurs, the request response headers include an "X-FRAME-OPTIONS: DENY" message.
To help maintain security, the Appinv.aspx page is prevented from being displayed in an iframe.
To fix this issue, install one of the following updates:
To display the Appinv.aspx page in an iframe in trusted domains, the farm administrator can add the trusted domains to the AllowIframeAppAuthorizePageDomains list in the farm by running the following commands:
$f.AddGenericAllowedListValue("AllowIframeAppAuthorizePageDomains","<enable domain name>")
Note: You can add one trusted domain to the AllowIframeAppAuthorizePageDomains list by using the commands every time. Additionally, you can add a wildcard domain, such as *.contoso.com, to AllowIframeAppAuthorizePageDomains.