Content-Type: text/html; charset=UTF-8
Content-Security-Policy: frame-ancestors {{GET[policy]}}
X-Frame-Options: {{GET[xfo]}}