Clarify frame-ancestors behavior in nested frames (mdn#40886)

* Clarify frame-ancestors behavior in nested frames

Added clarification on the behavior of the frame-ancestors directive in nested frames.

* Update files/en-us/web/http/reference/headers/content-security-policy/frame-ancestors/index.md

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Update files/en-us/web/http/reference/headers/content-security-policy/frame-ancestors/index.md

Co-authored-by: Brian Smith <brian@smith.berlin>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Brian Smith <brian@smith.berlin>

Author: 3 people

files/en-us/web/http/reference/headers/content-security-policy/frame-ancestors/index.md

@@ -15,6 +15,9 @@ Setting this directive to `'none'` is similar to {{HTTPHeader("X-Frame-Options",
 > **`frame-ancestors`** allows you to specify what parent source may embed a page.
 > This differs from **`frame-src`**, which allows you to specify where iframes in a page may be loaded from.
 
+> [!NOTE]
+> The **`frame-ancestors`** directive [checks each ancestor](https://www.w3.org/TR/CSP2/#frame-ancestors-and-frame-options). If any ancestor doesn't match, the load is cancelled. Therefore all ancestors should be allowed by the **`frame-ancestors`** directive of leaf frames when using nested frames.
+
 <table class="properties">
   <tbody>
     <tr>