htaccess – How To Add CSP frame ancestors in WordPress Website?
I’m trying to add Content Security Policy (CSP) frame ancestors in .htaccess file to prevent our website from getting iframed on other websites.
Following is the code:
Header set Content-Security-Policy "frame-ancestors 'self';"
This requires mod_headers to be enabled.
But when we enable mod_headers, it gives us Internal Server Error.
Note: We have a plugin installed that uses mod_header in .htaccess.
Prevent other sites from showing my site via iframe
Note 2: I am using Apache2 Server
Note 3 (Very Important): When we remove the mod_headers added by the above plugin, the CSP header gets added and no error is encountered.
But we do not want to remove the plugin / mod_headers added by the plugin.
Leave an answer