Apache (httpd.conf or .htaccess):

Header set Content-Security-Policy "frame-ancestors 'self';"

This allows the page to be framed only by pages from the same origin, that is the same scheme, host and port, which is stricter than merely the same domain.

Once you are done with the implementation, you can verify the header using the browser's built-in developer tools.
This article shows a way to apply the defense-in-depth concept on the client side of web applications. Sites can use it to prevent clickjacking attacks by ensuring that their content is not embedded into other sites.

Header set Content-Security-Policy "default-src 'self';"

Added to the httpd.conf or .htaccess file, this sets a default policy that allows content only from the current origin (see below for details).
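Because a site rarely hand-edits one header in isolation, here is an added JavaScript example (not code from the original article) that builds the CSP and the legacy X-Frame-Options header together from one framing decision. The function names, the policy argument shape and the partner origins used in the usage lines are my own assumptions; the header values it emits are standard CSP and X-Frame-Options syntax.

```javascript
// Added example, not code from the original article. Builds the two response
// headers that control framing: Content-Security-Policy (frame-ancestors) for
// modern browsers and X-Frame-Options for browsers that only understand the
// legacy header. Function names and the argument shape are my own.

// Reject anything that is not a bare scheme://host[:port] origin; a stray path,
// quote or trailing slash would silently change the policy's meaning.
// (Wildcard hosts such as https://*.example.com are not handled by this check.)
function validateOrigin(origin) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    throw new Error(`invalid origin: ${origin}`);
  }
  if (url.origin !== origin) throw new Error(`not a bare origin: ${origin}`);
}

// allowedAncestors is 'none', 'self', or an array of explicit origins.
// otherDirectives is the rest of the policy; frame-ancestors is appended
// explicitly because it does NOT fall back to default-src.
function buildFramingHeaders(allowedAncestors, otherDirectives = "default-src 'self'") {
  const headers = {};
  let frameAncestors;

  if (allowedAncestors === 'none') {
    frameAncestors = "'none'";
    headers['X-Frame-Options'] = 'DENY';
  } else if (allowedAncestors === 'self') {
    frameAncestors = "'self'";
    headers['X-Frame-Options'] = 'SAMEORIGIN';
  } else {
    // Explicit list, e.g. ['https://a.example.com', 'https://b.example.com'].
    // X-Frame-Options cannot express a list: ALLOW-FROM took a single origin,
    // is obsolete, and was never supported by Chrome or Safari. So no legacy
    // header is emitted here; browsers without frame-ancestors support will
    // allow framing. If that matters, fall back to 'self' or 'none'.
    allowedAncestors.forEach(validateOrigin);
    frameAncestors = allowedAncestors.join(' ');
  }

  headers['Content-Security-Policy'] = `${otherDirectives}; frame-ancestors ${frameAncestors};`;
  return headers;
}

// Usage with the origins from the article (constructed values).
console.log(buildFramingHeaders('self'));
console.log(buildFramingHeaders(['https://a.example.com', 'https://b.example.com']));
```

The Content-Security-Policy value printed for the two-origin case is exactly what would go into the quoted part of an Apache Header set line; the object form is convenient when the headers are emitted by the application rather than the web server.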

The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies the valid parents that may embed a page using frame, iframe, object or embed elements. There are many options to build the policy to enforce how you want to expose your web resources. If you don't specifically define a directive such as script-src for scripts, the browser falls back to default-src. Be aware that frame-ancestors is one of the directives that does not fall back to default-src: a policy consisting only of default-src 'self' does nothing to prevent framing, so frame-ancestors has to be set explicitly.

The directive can be set within the application or within the server configuration, such as Apache's .htaccess file, as in the 'self' example above. Now suppose we want to allow https://a.example.com and https://b.example.com to frame our page; we can specify that by listing both origins, separated by spaces, as the value of frame-ancestors. Every ancestor in the frame chain has to match the list, so if one of those partner pages were itself framed by a third site, our page would still be blocked.

When you try to load a page in a frame or iframe that is not allowed by the frame-ancestors directive, the browser refuses to render it and you will see an error message in the developer tools console (Chromium reports it as "Refused to frame ..." and names the violated directive).

The frame-ancestors CSP directive is not supported at all in Internet Explorer, which only understands X-Frame-Options; users need the Edge browser instead, and as long as IE matters to you, keep sending X-Frame-Options alongside the CSP header. I think X-Frame-Options will become obsolete in the near future once CSP is fully supported by all the major browsers.
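To make the matching rules concrete, the following added JavaScript example (not code from the original article) models how a browser evaluates frame-ancestors against the chain of ancestor origins: 'self', 'none', explicit origins such as https://a.example.com and https://b.example.com, wildcard hosts, and the fact that default-src is never consulted. All function names and the constructed scenarios are my own; the matching follows the CSP3 source-expression rules for scheme, host and port, and ignores paths because frame-ancestors is matched against ancestor origins.

```javascript
// Added example, not code from the original article: a reference model of how a
// browser evaluates frame-ancestors. Function names are my own. Scheme, host and
// port follow the CSP3 source-expression rules; paths are ignored because the
// directive is matched against ancestor *origins*.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Split "https://a.example.com:8443" into parts, normalising a missing port to the default.
function parseOrigin(s) {
  const u = new URL(s);
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port: u.port || DEFAULT_PORTS[u.protocol] || '' };
}

// Return the frame-ancestors source list from a CSP header value, or null when the
// directive is absent. default-src is deliberately NOT consulted: the spec excludes
// frame-ancestors from the default-src fallback.
function frameAncestorsSourceList(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1).filter(Boolean);
  }
  return null;
}

// Parse one source expression: 'none', 'self', "https:", or [scheme://]host[:port].
function parseExpression(expr) {
  const e = expr.toLowerCase();
  if (e === "'none'" || e === "'self'") return { keyword: e };
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return { schemeOnly: e };
  let rest = e, scheme = null;
  const m = rest.match(/^([a-z][a-z0-9+.-]*):\/\//);
  if (m) { scheme = m[1] + ':'; rest = rest.slice(m[0].length); }
  const [host, port = null] = rest.split('/')[0].split(':');
  if (!host) throw new Error(`unsupported source expression: ${expr}`);
  return { scheme, host, port };
}

// CSP3 lets an http: expression match an https: ancestor (and ws: match wss:).
function schemeMatches(exprScheme, ancScheme) {
  return exprScheme === ancScheme ||
    (exprScheme === 'http:' && ancScheme === 'https:') ||
    (exprScheme === 'ws:' && ancScheme === 'wss:');
}

// Ports are equal, or each is the default port of its own scheme.
function portsEquivalent(a, b) {
  return a.port === b.port || (a.port === DEFAULT_PORTS[a.scheme] && b.port === DEFAULT_PORTS[b.scheme]);
}

function expressionMatches(ex, anc, page) {
  if (ex.keyword === "'none'") return false;
  if (ex.keyword === "'self'") {
    return schemeMatches(page.scheme, anc.scheme) && anc.host === page.host && portsEquivalent(anc, page);
  }
  if (ex.schemeOnly) return schemeMatches(ex.schemeOnly, anc.scheme);
  // host-source: a missing scheme means the page's own scheme (or its https upgrade)
  if (!schemeMatches(ex.scheme || page.scheme, anc.scheme)) return false;
  if (ex.host.startsWith('*.')) {
    const suffix = ex.host.slice(1);               // ".example.com"
    if (!anc.host.endsWith(suffix)) return false;  // also rejects the bare "example.com"
  } else if (ex.host !== '*' && ex.host !== anc.host) {
    return false;
  }
  if (ex.port === null) return anc.port === DEFAULT_PORTS[anc.scheme];
  return ex.port === '*' || ex.port === anc.port;
}

// A framed page renders only if EVERY ancestor (parent, grandparent, ...) matches
// the source list; one hostile grandparent is enough to block it.
function framingAllowed(csp, pageOrigin, ancestorOrigins) {
  const list = frameAncestorsSourceList(csp);
  if (list === null) return true;                  // no directive: CSP does not restrict framing
  const page = parseOrigin(pageOrigin);
  const exprs = list.map(parseExpression);
  return ancestorOrigins.every(a => {
    const anc = parseOrigin(a);
    return exprs.some(ex => expressionMatches(ex, anc, page));
  });
}

// Constructed scenarios using the origins from the article.
const PAGE = 'https://www.example.com';
const SELF_ONLY = "frame-ancestors 'self';";
const TWO_PARTNERS = 'frame-ancestors https://a.example.com https://b.example.com;';
console.log(framingAllowed(SELF_ONLY, PAGE, [PAGE]));                                              // true
console.log(framingAllowed(SELF_ONLY, PAGE, ['https://attacker.example']));                        // false
console.log(framingAllowed(TWO_PARTNERS, PAGE, ['https://b.example.com']));                        // true
console.log(framingAllowed(TWO_PARTNERS, PAGE, ['https://b.example.com', 'https://attacker.example'])); // false
console.log(framingAllowed("default-src 'self';", PAGE, ['https://attacker.example']));             // true
```

The last line is the trap the article warns about: with only default-src 'self' in the policy, framingAllowed returns true for a hostile ancestor, because no frame-ancestors directive exists to consult. The nested case shows why an allow-list of partner origins is only as strong as the partners' own framing policy.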