You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: files/en-us/web/http/headers/x-frame-options/index.md
+1-1
Original file line number
Diff line number
Diff line change
@@ -40,7 +40,7 @@ If you specify `DENY`, not only will the browser attempt to load the page in a f
40
40
41
41
-`DENY`
42
42
- : The page cannot be displayed in a frame, regardless of the site attempting to do so.
43
-
-`SAMEORIGIN` {{deprecated_inline}}
43
+
-`SAMEORIGIN`
44
44
- : The page can only be displayed if all ancestor frames are same origin to the page itself.
45
45
-`ALLOW-FROM origin` {{deprecated_inline}}
46
46
- : This is an obsolete directive. Modern browsers that encounter response headers with this directive will ignore the header completely. The {{HTTPHeader("Content-Security-Policy")}} HTTP header has a {{HTTPHeader("Content-Security-Policy/frame-ancestors", "frame-ancestors")}} directive which you should use instead.
0 commit comments