Safari 10 has supported a new security feature "Content Security Policy Level 2", CSP2, that is a W3C standard proposed for mitigating common security attacks on the web applications, e.g. XSS.
CSP2 has an interesting directive "frame-ancestors" that replaces and obsolete existing X-Frame-Options header. If a document is delivered with frame-ancestors 'self' in the header a user-agent rejects loading of the document as a frame content of the other origins. And if "report-uri" is set together a user-agent sends a violation report to the provided endpoint to inform observation of framing attacks. This report could be a good information to be aware of HTTP/L7 client side attacks in t