Tone down X-Frame-Options warning (#37774)

mdn · Jan 23, 2025 · 8c47156 · 8c47156
1 parent 7eb271b
commit 8c47156
Showing 1 changed file with 2 additions and 6 deletions.
diff --git a/files/en-us/web/http/headers/x-frame-options/index.md b/files/en-us/web/http/headers/x-frame-options/index.md
@@ -2,15 +2,11 @@
 title: X-Frame-Options
 slug: Web/HTTP/Headers/X-Frame-Options
 page-type: http-header
-status:
-  - deprecated
 browser-compat: http.headers.X-Frame-Options
 ---
 
-{{HTTPSidebar}}{{deprecated_header}}
-
-> [!WARNING]
-> Instead of this header, use the {{HTTPHeader("Content-Security-Policy/frame-ancestors", "frame-ancestors")}} directive in a {{HTTPHeader("Content-Security-Policy")}} header.
+> [!NOTE]
+> For more comprehensive options than offered by this header, see the {{HTTPHeader("Content-Security-Policy/frame-ancestors", "frame-ancestors")}} directive in a {{HTTPHeader("Content-Security-Policy")}} header.
 
 The HTTP **`X-Frame-Options`** {{Glossary("response header")}} can be used to indicate whether a browser should be allowed to render a page in a {{HTMLElement("frame")}}, {{HTMLElement("iframe")}}, {{HTMLElement("embed")}} or {{HTMLElement("object")}}. Sites can use this to avoid [clickjacking](/en-US/docs/Web/Security/Types_of_attacks#clickjacking) attacks, by ensuring that their content is not embedded into other sites.