frame-ancestors

Default Attribute

self

Policy Description

The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using <frame><iframe><object><embed>, or <applet>.Setting this directive to ‘none’ is similar to X-Frame-Options: deny (which is also supported in older browsers).