How to set X-Frame-Options Allow-From in nginx correctly
in Chrome and Safari you need to use Content-Security-Policy Content-Security-Policy: frame-ancestors domain.com You can check more details on this site: https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives