Prevent Page Being Framed Header set Content-Security-Policy “frame-ancestors ‘none’;” In .htaccess – that’s it (apparently).