Child1 Frame Page

This page tries to load assets from itself.

Child1 in an iFrame

This should fail as child1 has Header set X-Frame-Options DENY.

Child2 in an iFrame

This should fail as child2 has Header set X-Frame-Options SAMEORIGIN.

Child3 in an iFrame

This should fail as child3 has Header add Content-Security-Policy "frame-ancestors 'self' http://child2.marcpatterson.com;".