CSP issue

wav3front

Hi,

My site runs at domain.com (no www).
I'm getting this error:

Refused to frame 'https://domain.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://*.domain.com".

I did try adding .htaccess:

Header add Content-Security-Policy "frame-ancestors 'domain.com';"

But it did not work.

Any ideas?

Thanks
Alex

JohnB

Check the response headers to see if the new headers actually are in affect.

If they are post your exact line from HR access. Just change your domain name if you need to for privacy

wav3front

I was able to resolve this with Cloudflare transform rules