Update: Clickjacking Defense Cheat Sheet #1878

@andrealungh1

What is missing or needs to be updated?

The documentation mentions that meta tags attempting to apply the X-Frame-Options directive do not work, but it does not mention that the same limitation applies to the frame-ancestors directive of the Content Security Policy (CSP).

How should this be resolved?

Clarify in the documentation that the frame-ancestors CSP directive also does not work when set via a <meta http-equiv="Content-Security-Policy"> tag, and must be delivered through the HTTP response header instead.
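
The distinction raised in this issue, shown as an added example that is not part of the original issue or the cheat sheet: a Python check that separates framing controls delivered in response headers from `<meta http-equiv>` attempts, which browsers ignore. The function names and the sample markup are constructed for illustration, and the check assumes one value per header name.

```python
from html.parser import HTMLParser


class _MetaCollector(HTMLParser):
    """Collects (http-equiv, content) pairs from <meta> elements."""

    def __init__(self):
        super().__init__()
        self.metas = []

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            a = {k: (v or "") for k, v in attrs}
            if "http-equiv" in a:
                self.metas.append((a["http-equiv"].strip().lower(), a.get("content", "")))


def csp_directive(policy, name):
    """Return the value of directive `name` in a CSP string, or None if absent."""
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == name:
            return " ".join(tokens[1:])
    return None


def audit_framing(headers, body):
    """List header-delivered framing controls and meta-delivered ones (ignored)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    via_header, ignored_meta = [], []
    fa = csp_directive(hdrs.get("content-security-policy", ""), "frame-ancestors")
    if fa is not None:
        via_header.append("CSP header: frame-ancestors " + fa)
    xfo = hdrs.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        via_header.append("X-Frame-Options header: " + xfo)
    parser = _MetaCollector()
    parser.feed(body)
    for equiv, content in parser.metas:
        if equiv == "content-security-policy" and csp_directive(content, "frame-ancestors") is not None:
            ignored_meta.append("frame-ancestors in <meta> CSP")
        elif equiv == "x-frame-options":
            ignored_meta.append("X-Frame-Options in <meta>")
    return {"via_header": via_header, "ignored_meta": ignored_meta}


# Constructed sample page: the only framing control is in a <meta> tag.
META_ONLY = (
    '<head><meta http-equiv="Content-Security-Policy" '
    'content="default-src \'self\'; frame-ancestors \'none\'"></head>'
)
```

A response whose `via_header` list is empty while `ignored_meta` is not is the case this issue asks the cheat sheet to call out: the page looks protected in its markup but can still be framed.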

Labels

ACK_OBTAINED: Issue acknowledged from core team so work can be done to fix it.
UPDATE_CS: Issue about the update/refactoring of an existing cheat sheet.