From 236352850200a125a3e7e8fb96887d56b7bd5f04 Mon Sep 17 00:00:00 2001
From: hillbrad
each ancestor. If any ancestor doesn't match, the load
is cancelled.frame-ancestors
The frame-ancestors
directive obsoletes the
+ X-Frame-Options
header. If a resource has both policies,
+ the frame-ancestors
policy SHOULD be enforced and the
+ X-Frame-Options
policy SHOULD be ignored.
When generating a violation report for a frame-ancestors
violation,
the user agent MUST NOT include the value of the embedding ancestor as a
blocked-uri
value unless it is same-origin with the protected resource,