From 33f18c1c9ce440a48d1dce8839dff930d6298064 Mon Sep 17 00:00:00 2001
From: scottmakestech <83726258+scottmakestech@users.noreply.github.com>
Date: Fri, 13 Feb 2026 15:07:59 -0600
Subject: [PATCH] Sets frame-ancestors property to none to prevent nesting this
 site in an iframe. Fixes #1080.

---
 config/_default/server.toml | 1 +
 netlify.toml                | 1 +
 2 files changed, 2 insertions(+)

diff --git a/config/_default/server.toml b/config/_default/server.toml
index 678004108c..90b18ce4dd 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
@@ -65,6 +65,7 @@ Content-Security-Policy = """
         https://d4twhgtvn0ff5.cloudfront.net/
         https://letsencrypt-merch.myshopify.com
     ;
+    frame-ancestors 'none';
 """
 
 [[headers]]
diff --git a/netlify.toml b/netlify.toml
index 5fd2da3779..a5761d299a 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -83,6 +83,7 @@ Content-Security-Policy = """
         https://www.paypal.com
         https://www.google-analytics.com
     ;
+    frame-ancestors 'none';
 """
 
 [[headers]]