Isn't X-Frame-Options deprecated? Pretty sure we're supposed to use Content-Secu... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		5706906c06c on May 17, 2017 \| parent \| context \| favorite \| on: HTTP security headers Isn't X-Frame-Options deprecated? Pretty sure we're supposed to use Content-Security-Policy instead?

hdhzy on May 17, 2017 [–]

Yes but there are still browsers that support only XFO so it's mostly for them.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact