Which HTTP headers to use for subdomain embedding?

I have a WordPress site hosted on LightSail (which uses bitnami). The domain is https://example.com
On a subdomain https://sub.example.com I have another server running. On this server, I want to embed a page from the main domain https://example.com/a-page. Currently, I am getting errors that permission is denied.

I have updated the htaccess file like so:

Header set X-Frame-Options "ALLOW-FROM https://*.example.com"
Header set Content-Security-Policy "frame-ancestors 'self' https: *.example.com"
Header set Referrer-Policy "strict-origin-when-cross-origin"

But the headers don’t seem to updating or allowing any iframe embeds. I’m not very well-versed on HTTP Headers so apologies if this is a rather silly question.

Thanks!

I was able to figure out that because Lightsail uses a Bitnami deployment of WordPress, Bitnami overrides the .htaccess file.

Instead you have to update the /opt/bitnami/apache2/conf/httpd.conf file by adding the following content:

<IfModule headers_module>
    <IfVersion >= 2.4.7 >
        Header always setifempty X-Frame-Options ALLOW-FROM https://*.example.com
    </IfVersion>
    <IfVersion < 2.4.7 >
        Header always merge X-Frame-Options ALLOW-FROM https://*example.com
    </IfVersion>
</IfModule>

Reference:
https://docs.bitnami.com/bch/apps/livehelperchat/configuration/enable-framing/