From 31e01724c5ebc63f5d91e0ffb2788fb4269c40e2 Mon Sep 17 00:00:00 2001
From: scottmakestech <83726258+scottmakestech@users.noreply.github.com>
Date: Fri, 13 Feb 2026 15:28:43 -0600
Subject: [PATCH] Prevent nesting site in iFrame

Adds X-Frame-Options and CSP frame-ancestors headers to prevent this site from being embedded in an iframe on other domains. X-Frame-Options is the legacy header; frame-ancestors is the modern CSP equivalent. Both are set for maximum browser compatibility. See letsencrypt/website#1080 and letsencrypt/website#2148.
---
 netlify.toml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/netlify.toml b/netlify.toml
index 8dd6927..4c66c08 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -27,6 +27,12 @@ command = "hugo -b $DEPLOY_PRIME_URL --buildFuture"
+[[headers]]
+ for = "/*"
+ [headers.values]
+ X-Frame-Options = "DENY"
+ Content-Security-Policy = "frame-ancestors 'none'"
+
 [[redirects]]
 from = "https://memorysafety.dev/*"
 to = "https://www.memorysafety.org/:splat"
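Review bot: The new `[[headers]]` block carries no comment saying that `DENY` and `frame-ancestors 'none'` forbid same-origin framing too, while the commit message only speaks of other domains; if any page on this site is meant to embed another page of the site in an iframe, the values would have to be `SAMEORIGIN` and `frame-ancestors 'self'` instead. I would add a comment above the block such as `# Anti-clickjacking: forbid all framing, same-origin included. Keep frame-ancestors in any fuller CSP added later; it does not fall back to default-src.` Netlify applies custom headers only to files it serves from its own store, so any proxied rewrite or function response configured outside this hunk would presumably not carry them; checking the response headers on a deploy preview would confirm the coverage.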