允许同源

# Only a page from the same origin as this response may embed it in a frame.
# nginx emits add_header only on a fixed set of 2xx/3xx status codes unless the
# "always" parameter is appended, so error pages are sent without this header.
# add_header is inherited from the enclosing level only when the current level
# defines no add_header of its own; a location that sets any other header must
# repeat this line or it silently loses the protection.
add_header X-Frame-Options SAMEORIGIN;

允许泛域名(注意:ALLOW-FROM 只接受单个来源,不支持通配符,且现代浏览器已不再支持该指令)

# NOTE(review): ALLOW-FROM takes exactly one origin and has no wildcard syntax,
# so "https://*.xxx.cn/" is not a valid value. The directive is also obsolete:
# current Chrome, Firefox, Safari and Edge do not honour ALLOW-FROM, and a
# browser that ignores the header applies no framing restriction at all, so
# this line fails open. Use Content-Security-Policy frame-ancestors for an
# allow-list of embedding origins.
add_header X-Frame-Options "allow-from https://*.xxx.cn/";

新版配置(CSP 的 frame-ancestors 指令)代替以上 2 个 X-Frame-Options 写法

# frame-ancestors limits which pages may embed this response to https
# subdomains of the two listed domains. "*.example" patterns match subdomains
# only, not the bare domain itself; list the apex separately if it must embed.
# Every subdomain is trusted equally, so one that is compromised or serves
# user-controlled content can frame this page.
# connect-src * is unrelated to framing: it leaves fetch/XHR/WebSocket
# destinations unrestricted by host.
# If a response carries more than one Content-Security-Policy header, the
# browser enforces all of them, so the most restrictive policy wins.
add_header Content-Security-Policy "connect-src *;frame-ancestors https://*.jobpi.cn/ https://*.schoolpi.net/; ";

# Completely forbid other sites from embedding your pages.
# 'none' also blocks framing by the site's own pages; it is the CSP
# counterpart of X-Frame-Options: DENY.
add_header Content-Security-Policy "frame-ancestors 'none';";

允许特定来源
# Only the two listed origins may embed this response. Scheme and host must
# match as written: subdomains and http:// variants of these hosts are not
# covered unless they are listed too.
add_header Content-Security-Policy "frame-ancestors https://example.com https://another-example.com;";

允许同源站点
# Only pages from the same origin as this response may embed it; the CSP
# counterpart of X-Frame-Options: SAMEORIGIN. frame-ancestors is checked
# against every ancestor in the frame chain, not just the top-level page.
add_header Content-Security-Policy "frame-ancestors 'self';";

允许所有来源
# NOTE(review): "*" lets any site embed this response, which means no
# clickjacking protection from this header. Reserve it for content that is
# meant to be embedded and exposes no authenticated or state-changing UI;
# otherwise list the permitted embedding origins explicitly.
add_header Content-Security-Policy "frame-ancestors *;";