Allow use of https://check.torproject.org/api/ip by content

I would like to create a page on another domain that demonstrates stream isolation in Tor Browser. This is the mechanism whereby each website is downloaded via a different Tor circuit, but a web page in an iframe is downloaded via the same Tor circuit as the first party parent document was.

Right now, https://check.torproject.org/api/ip cannot be included in iframes or fetched by a script in a web page.

So I would like to propose setting Access-Control-Allow-Origin: * and removing the X-Frame-Options header for this particular endpoint.
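
The effect of the proposed header change on a third-party page, modelled as an added example (not part of the original issue and not code from check.torproject.org). The "before" header set and the `https://demo.example` origin are constructed assumptions, since the issue does not show the endpoint's actual headers.

```javascript
// Constructed header sets; the endpoint's real headers are not shown on the page.
const BEFORE = { "X-Frame-Options": "SAMEORIGIN" };          // assumed current state
const AFTER = { "Access-Control-Allow-Origin": "*" };        // state the issue proposes

const API_ORIGIN = "https://check.torproject.org";
const DEMO_ORIGIN = "https://demo.example";                   // hypothetical demo page

function lower(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v).trim();
  return out;
}

// CORS read check for a cross-origin GET. "*" only satisfies requests sent
// without credentials; credentialed requests need an exact origin match plus
// Access-Control-Allow-Credentials: true.
function scriptCanRead(headers, pageOrigin, withCredentials = false) {
  const h = lower(headers);
  const acao = h["access-control-allow-origin"];
  if (withCredentials) {
    return acao === pageOrigin && h["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// X-Frame-Options check. A CSP frame-ancestors directive, when present,
// takes precedence in browsers and is not modelled here.
function frameAllowed(headers, pageOrigin, resourceOrigin) {
  const xfo = (lower(headers)["x-frame-options"] || "").toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return pageOrigin === resourceOrigin;
  return true; // header absent or unrecognised: framing is not restricted by XFO
}

function evaluate(headers, pageOrigin) {
  return {
    fetch: scriptCanRead(headers, pageOrigin),
    fetchWithCredentials: scriptCanRead(headers, pageOrigin, true),
    iframe: frameAllowed(headers, pageOrigin, API_ORIGIN),
  };
}

console.log("before:", evaluate(BEFORE, DEMO_ORIGIN));
console.log("after: ", evaluate(AFTER, DEMO_ORIGIN));
```

With the wildcard value the response stays unreadable to credentialed requests, so the change exposes only what an anonymous request to the endpoint already returns.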