april / laboratory

Because good website security shouldn't only be available to mad scientists!
https://addons.mozilla.org/en-US/firefox/addon/laboratory-by-mozilla/
Mozilla Public License 2.0

Adding support for frame-ancestors #33

Open JavanXD opened 3 years ago

JavanXD commented 3 years ago

First of all - thanks April! It is a very helpful add-on, exactly what I've searched for. I was able to create the policy within only 5 minutes.

The use of the X-Frame-Options header and Content Security Policy’s frame-ancestors directive is a simple and easy way to protect your site against clickjacking attacks. Reference: Mozilla Web Security Guidelines (X-Frame-Options)

The X-Frame-Options header will soon be obsolete, as it is being replaced by the frame-ancestors directive. Can you please add support for frame-ancestors? The Observatory service already validates whether a frame-ancestors directive exists.
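
The header relationship this request rests on, as an added example that is not part of the original issue or of Laboratory's code: a check that reports whether a response is protected by an enforced frame-ancestors directive, only by the legacy X-Frame-Options header, or not at all. The function names, the header-object input shape and the sample responses are assumptions constructed for illustration.

```javascript
// Legacy X-Frame-Options values and their frame-ancestors equivalents.
const XFO_EQUIVALENT = new Map([
  ['deny', "frame-ancestors 'none'"],
  ['sameorigin', "frame-ancestors 'self'"],
]);

// Source list of the first frame-ancestors directive in one policy, else null.
// (Within a policy, only the first occurrence of a directive is used.)
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// A header value may carry several comma-separated policies; check each one.
function collect(value) {
  return (value || '').split(',').map(frameAncestors).filter((s) => s !== null);
}

// headers: plain object of response header name -> value (hypothetical shape).
function checkFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const enforced = collect(h['content-security-policy']);
  if (enforced.length > 0) return { status: 'frame-ancestors', sources: enforced };

  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (XFO_EQUIVALENT.has(xfo)) {
    return { status: 'x-frame-options-only', suggest: XFO_EQUIVALENT.get(xfo) };
  }
  // Report-Only policies are monitored but not enforced, and ALLOW-FROM or
  // unknown X-Frame-Options values are not honoured by current browsers.
  const reportOnly = collect(h['content-security-policy-report-only']).length > 0;
  // 'none' is the strictest starting point; a site that frames itself needs 'self'.
  return { status: 'unprotected', reportOnly, suggest: "frame-ancestors 'none'" };
}

// Constructed sample responses.
console.log(checkFraming({ 'X-Frame-Options': 'SAMEORIGIN' }));
console.log(checkFraming({
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://partner.example",
}));
```
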