X-Frame-Options: Allow-From directive has been removed

Categories: Networking, Privacy & Security


Support for the allow-from directive of the obsolete X-Frame-Options HTTP response header has been dropped in Firefox 70. While the directive is still useful for older browsers including Internet Explorer, you should send the Content-Security-Policy (CSP) header’s frame-ancestors directive in combination with it for modern browsers.
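
The following is an added example, not code from this page or from Firefox: a small audit that flags a response relying on allow-from alone, plus a helper that emits both headers for one trusted embedding origin. The function names, finding codes and the partner.example origin are assumptions made for illustration, and each header is assumed to arrive as a single string value.

```javascript
// Parse a CSP header value into a Map: directive name -> list of source expressions.
function parseCsp(value) {
  const directives = new Map();
  for (const part of String(value || "").split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// headers: plain object keyed by lowercase header name (constructed input in the test).
// Returns a list of finding codes; an empty list means nothing was flagged.
function auditFraming(headers) {
  const xfo = String(headers["x-frame-options"] || "").trim();
  const ancestors = parseCsp(headers["content-security-policy"]).get("frame-ancestors");
  const findings = [];
  const allowFrom = /^allow-from\s+(\S+)/i.exec(xfo);
  if (allowFrom && !ancestors) {
    // Browsers without allow-from support (Firefox 70+) ignore the whole header,
    // so the page has no framing restriction there.
    findings.push("allow-from-only");
  }
  if (allowFrom && ancestors) {
    const origin = allowFrom[1].replace(/\/$/, "").toLowerCase();
    // Literal comparison only: wildcard or 'self' sources need manual review.
    if (!ancestors.map((s) => s.toLowerCase()).includes(origin)) {
      findings.push("origin-mismatch");
    }
  }
  if (!xfo && !ancestors) findings.push("no-policy");
  return findings;
}

// Build the header pair for one trusted embedding origin.
function framingHeaders(origin) {
  const o = new URL(origin).origin; // normalises the value, throws on malformed input
  return {
    "x-frame-options": `ALLOW-FROM ${o}`, // honoured by older browsers such as IE
    "content-security-policy": `frame-ancestors ${o}`, // honoured by modern browsers
  };
}
```

If the site already sends a Content-Security-Policy header, add frame-ancestors to that existing policy instead of replacing it with the value returned here.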