dd name="Content-Security-Policy" value="frame-ancestors 'none'" /> Next, we alter the values from deny to allow .