Baseline Widely available
The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using <frame>, <iframe>, <object>, or <embed>.
Setting this directive to 'none' is similar to X-Frame-Options: deny (which is also supported in older browsers).
Note: frame-ancestors allows you to specify what parent source may embed a page. This differs from frame-src, which allows you to specify where iframes in a page may be loaded from.
Content-Security-Policy: frame-ancestors 'none';
Content-Security-Policy: frame-ancestors <source-expression-list>;
This directive may have one of the following values:
'none'
This resource may not be embedded. The single quotes are mandatory.
<source-expression-list>
A space-separated list of source expression values. This resource may be embedded if the embedder matches any of the given source expressions. For this directive, the following source expression values are applicable:
Note: The frame-ancestors directive's syntax is similar to the source list syntax accepted by other directives (e.g., child-src), but it does not fall back to the default-src setting. A policy that declares default-src 'none' still allows the resource to be embedded by anyone.
Content-Security-Policy: frame-ancestors 'none';
Content-Security-Policy: frame-ancestors 'self' https://www.example.org;
Content-Security-Policy: frame-ancestors 'self' https://example.org https://example.com https://store.example.com;
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4