Default Attribute
self
Policy Description
The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using <frame>
, <iframe>
, <object>
, <embed>
, or <applet>
.Setting this directive to ‘none’ is similar to X-Frame-Options: deny (which is also supported in older browsers).