Parent Page

This page tries to load assets from the subdomains.

• Child1 page | Child 1 iFrame
• Child2 page | Child 2 iFrame
• Child3 page | Child 3 iFrame

Child1 in an iFrame

This should fail as child1 has Header set X-Frame-Options DENY.

Child2 in an iFrame

This should fail as child2 has Header set X-Frame-Options SAMEORIGIN.

Child3 in an iFrame

This should fail as child3 has Header add Content-Security-Policy "frame-ancestors 'self' http://child2.marcpatterson.com;".

An image from child1

This should work as there's nothing on child1 to prevent images being loaded by other domains.

An image from child2

This should fail and show a fake image warning as child 2 has these lines in the .htaccess:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://child2.marcpatterson.com [NC]
RewriteRule \.(gif|jpg|png)$ http://marcpatterson.com/img/fake.png [R,L]