Prova anche questo
<meta http-equiv="Content-Security-Policy" content="frame-ancestors 'none' https://www.example.org;">
edit
questo e' corretto
<meta http-equiv="Content-Security-Policy" content="frame-src https://www.example.org;">
dalla guida mozilla
Note: frame-src allows you to specify where iframes in a page may be loaded from. This differs from frame-ancestors, which allows you to specify what parent source may embed a page.
Rispondi quotando