From ca0ac39a49a73006c868777dcc2aa62c3a6d7ca5 Mon Sep 17 00:00:00 2001 From: Luke Warlow Date: Thu, 23 Jan 2025 18:21:35 +0000 Subject: [PATCH] Remove deprecated_inline from X-Frame-Options SAMEORIGIN (#37775) --- files/en-us/web/http/headers/x-frame-options/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/x-frame-options/index.md b/files/en-us/web/http/headers/x-frame-options/index.md index 5e09c97a233aafd..5bad2b2907bc678 100644 --- a/files/en-us/web/http/headers/x-frame-options/index.md +++ b/files/en-us/web/http/headers/x-frame-options/index.md @@ -40,7 +40,7 @@ If you specify `DENY`, not only will the browser attempt to load the page in a f - `DENY` - : The page cannot be displayed in a frame, regardless of the site attempting to do so. -- `SAMEORIGIN` {{deprecated_inline}} +- `SAMEORIGIN` - : The page can only be displayed if all ancestor frames are same origin to the page itself. - `ALLOW-FROM origin` {{deprecated_inline}} - : This is an obsolete directive. Modern browsers that encounter response headers with this directive will ignore the header completely. The {{HTTPHeader("Content-Security-Policy")}} HTTP header has a {{HTTPHeader("Content-Security-Policy/frame-ancestors", "frame-ancestors")}} directive which you should use instead.