THE article by Jan Kopriva analyzes the evolution of framing protection security headers, specifically X-Frame-Options and CSP with frame-ancestors, over the past three years. The analysis reveals a decrease in top 1,000 domains implementing these security measures, while a significant increase is seen in top 100,000 and 1 million domains. X-Frame-Options' usage includes 'SAMEORIGIN', 'DENY', and 'ALLOW-FROM', with 'SAMEORIGIN' being the most common.
In contrast, CSP frame-ancestors showed notable growth, with 'self' and 'none' being the most frequently used directives. The article concludes that, despite improvements, many popular domains still lack framing protection, highlighting the need for enhanced implementation across the web.