Content-Security-Policyframe-ancestorsweb.config<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="Content-Security-Policy" />
<add name="Content-Security-Policy" value="frame-ancestors 'self' https://yourdomain.com https://*.anotherdomain.net;" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Name: Content-Security-Policy
Value: frame-ancestors 'self' https://yourdomain.com https://yourotherdomain https://*.yourdomain.com https://*.yourotherdomain
Global.asaxstring cspPath = HostingEnvironment.MapPath("~/Syntax/csp-header.txt");
string cspValue = System.IO.File.ReadAllText(cspPath);
HttpContext.Current.Response.AddHeader("Content-Security-Policy", cspValue);