Web Agents 2025.3

Frame Ancestors Sources

A space-separated list of sources to allow in the frame-ancestors directive in the Content Security Policy (CSP) header for agent responses. This directive specifies the sources that can embed the page in a frame, iframe, embed, or object.

The sources are validated against the CSP specification for the frame-ancestors directive, and the agent won’t start if the value is invalid.

Additionally, these sources must comply with the following rules:

  • The none value is not allowed.

  • Only the http: and https: schemes are allowed.

  • Hostnames can start with a wildcard character * to allow subdomains.

  • Port numbers can be a single wildcard or a valid TCP/IP port.

Example valid values:

'self' https: https://*.example.com https://www.othersite.com:9000

Example invalid values:

'none' file: ftp://example.com .example. example.com:*1024
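
A pre-deployment check that approximates the rules listed above, useful because an invalid value stops the agent from starting. This is an added example, not the agent's own validation code: the function names are hypothetical, and it assumes scheme-less hosts are accepted (as the CSP host-source grammar permits), ignores path components, and rejects a bare * host because the page doesn't say how the agent treats it.

```python
import re

ALLOWED_SCHEMES = {"http", "https"}

# Scheme-only source such as "https:".
SCHEME_ONLY = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):$")

# Host source: optional scheme, host with optional leading "*.", optional port.
HOST_SOURCE = re.compile(
    r"^(?:([A-Za-z][A-Za-z0-9+.-]*)://)?"
    r"((?:\*\.)?[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)"
    r"(?::(\*|[0-9]+))?$"
)


def check_source(src):
    """Return None if src passes the listed rules, otherwise a reason string."""
    lowered = src.lower()
    if lowered == "'none'":
        return "'none' is not allowed"
    if lowered == "'self'":
        return None
    m = SCHEME_ONLY.match(src)
    if m:
        ok = m.group(1).lower() in ALLOWED_SCHEMES
        return None if ok else "only http: and https: schemes are allowed"
    m = HOST_SOURCE.match(src)
    if not m:
        return "not a valid host source"
    scheme, _host, port = m.groups()
    if scheme and scheme.lower() not in ALLOWED_SCHEMES:
        return "only http: and https: schemes are allowed"
    # Port must be a single "*" or a valid TCP port number.
    if port and port != "*" and not 1 <= int(port) <= 65535:
        return "port must be * or 1-65535"
    return None


def check_property(value):
    """Map each rejected source in a space-separated value to its reason."""
    problems = {}
    for src in value.split():
        reason = check_source(src)
        if reason:
            problems[src] = reason
    return problems
```

An empty result from check_property means every source in the value passed these checks.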

If this property isn’t set, the agent sets the frame-ancestors directive to 'self'.

This property is only used when Frame Ancestors None is 0.

Default: Empty

Property name: com.forgerock.agents.csp.frame.ancestors.sources (Introduced in Web Agent 2025.3)

Function: Content Security Policy

Type: String List

Bootstrap property: Yes

Required property: No

Restart required: No