This page tries to load assets from the subdomains.
This should fail as child1 has Header set X-Frame-Options DENY
.
This should fail as child2 has Header set X-Frame-Options SAMEORIGIN
.
This should fail as child3 has Header add Content-Security-Policy "frame-ancestors 'self' http://child2.marcpatterson.com;"
.
This should work as there's nothing on child1 to prevent images being loaded by other domains.
This should fail and show a fake image warning as child 2 has these lines in the .htaccess:
RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://child2.marcpatterson.com [NC] RewriteRule \.(gif|jpg|png)$ http://marcpatterson.com/img/fake.png [R,L]