htaccess – How To Add CSP frame ancestors in WordPress Website?


I’m trying to add Content Security Policy (CSP) frame ancestors in .htaccess file to prevent our website from getting iframed on other websites.
Following is the code:
<IfModule mod_headers.c>
Header set Content-Security-Policy "frame-ancestors 'self';"
This requires mod_headers to be enabled.
But when we enable mod_headers, it gives us Internal Server Error.

Note: We have a plugin installed that uses mod_header in .htaccess.
Prevent other sites from showing my site via iframe

Note 2: I am using Apache2 Server

Note 3 (Very Important): When we remove the mod_headers added by the above plugin, the CSP header gets added and no error is encountered.
But we do not want to remove the plugin / mod_headers added by the plugin.

Vaibhav Singh 2 months 2023-02-07T13:21:22-05:00 0 Answers 0 views 0

Leave an answer