Framing Isolation Policy is a stricter version of Framing Protections where the request gets blocked at the application level rather than by the browser. This is designed to protect against various attacks (e.g. XSSI, CSRF, XS-Leaks) by blocking framing requests to endpoints that are not intended to be framable. It can be combined with Resource Isolation Policy to effectively tighten the attack surface within cross-site information leaks. tip Instead of rejecting all non-framable endpoints, t...
