Child3 Frame Page

This page tries to load assets from itself.

Child3 in an iFrame

This should fail as child1 has Header set X-Frame-Options DENY.

Child2 in an iFrame

This should fail as child2 has Header set X-Frame-Options SAMEORIGIN.

Child3 in an iFrame

This should work as child3 has Header add Content-Security-Policy "frame-ancestors 'self' http://child2.marcpatterson.com;".

An image from child2