<!DOCTYPE html>
<meta charset="utf-8">
<title>X-Frame-Options variations of DENY</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="./support/helper.sub.js"></script>
<body>
<script>
"use strict";
xfo_simple_tests({
headerValue: `DENY`,
sameOriginAllowed: false,
crossOriginAllowed: false
});
xfo_simple_tests({
headerValue: `denY`,
sameOriginAllowed: false,
crossOriginAllowed: false
});
xfo_simple_tests({
headerValue: ` DENY `,
sameOriginAllowed: false,
crossOriginAllowed: false
});
xfo_simple_tests({
headerValue: `DENY`,
cspValue: `default-src 'self'`,
sameOriginAllowed: false,
crossOriginAllowed: false
});
xfo_simple_tests({
headerValue: `DENY`,
cspValue: `frame-ancestors 'self'`,
sameOriginAllowed: true,
crossOriginAllowed: false
});
</script>
Codebase Browser
chromium