Content-Security-Policy: frame-src directive

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since August 2016.

The HTTP Content-Security-Policy (CSP) frame-src directive specifies valid sources for nested browsing contexts loading using elements such as and