[wp-trac] [WordPress Trac] #29429: Support frame-ancestors directive over X-Frame-Options
WordPress Trac
noreply at wordpress.org
Sat Aug 23 14:04:40 UTC 2025
#29429: Support frame-ancestors directive over X-Frame-Options
------------------------------------------------+--------------------------
Reporter: danielbachhuber | Owner:
| SergeyBiryukov
Type: enhancement | Status: accepted
Priority: normal | Milestone: Future
| Release
Component: Security | Version:
Severity: normal | Resolution:
Keywords: dev-feedback has-patch 2nd-opinion | Focuses:
------------------------------------------------+--------------------------
Changes (by SergeyBiryukov):
* owner: (none) => SergeyBiryukov
* status: reopened => accepted
Comment:
Replying to [ticket:29429 danielbachhuber]:
> According to MDN, `X-Frame-Options` is deprecated:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
>
> `frame-ancestors` should be used instead.
It appears that `X-Frame-Options` is no longer marked as deprecated as of
January 2025:
* [https://github.com/mdn/browser-compat-data/pull/25663 mdn/browser-
compat-data: Undeprecate X-Frame-Options #25663]
* [https://github.com/mdn/content/pull/37774 mdn/content: Tone down X
-Frame-Options warning #37774]
That said, adding `Content-Security-Policy: frame-ancestors` still makes
sense to me.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29429#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list