Sorry to trouble and please forgive if duplicate but I have looked!
I am trying to assemble security headers for htaccess to help my customers pass PCI Compliance.
I am not at all sure whether...
Header always set X-Frame-Options "SAMEORIGIN"
Header set Content-Security-Policy: "frame-ancestors 'none'"
...are essentially duplicates or whether they each have a role to play?
Advice gratefully received - thank you!