#
# Prevent displaying inside an iframe
#
add_header 'X-Frame-Options' 'DENY' always;
add_header 'Content-Security-Policy' "frame-ancestors 'none'" always;