From 236352850200a125a3e7e8fb96887d56b7bd5f04 Mon Sep 17 00:00:00 2001
From: hillbrad <hillbrad@gmail.com>
Date: Tue, 11 Feb 2014 14:28:38 -0800
Subject: [PATCH] Added relation to XFO header.

---
 specs/content-security-policy/csp-specification.dev.html | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/specs/content-security-policy/csp-specification.dev.html b/specs/content-security-policy/csp-specification.dev.html
index 75e7f5d4..144c8fff 100644
--- a/specs/content-security-policy/csp-specification.dev.html
+++ b/specs/content-security-policy/csp-specification.dev.html
@@ -1445,6 +1445,11 @@ <h4><code>frame-ancestors</code></h4>
         each ancestor. If any ancestor doesn't match, the load
         is cancelled.</p>
 
+        <p>The <code>frame-ancestors</code> directive <em>obsoletes</em> the
+        <code>X-Frame-Options</code> header.   If a resource has both policies,
+        the <code>frame-ancestors</code> policy SHOULD be enforced and the 
+        <code>X-Frame-Options</code> policy SHOULD be ignored.</p>
+
         <p>When generating a violation report for a <code>frame-ancestors</code> violation,
         the user agent MUST NOT include the value of the embedding ancestor as a
         <code>blocked-uri</code> value unless it is same-origin with the protected resource,