Description
The Debug WebUI currently supports only the X-Frame-Options header. That header is still needed for backward compatibility with older browsers, but it has been superseded by the Content Security Policy's frame-ancestors directive:
Content Security Policy’s frame-ancestors directive obsoletes the X-Frame-Options header. If a resource has both policies, the frame-ancestors policy SHOULD be enforced and the X-Frame-Options policy SHOULD be ignored [w3.org].
As described in Section 2.3.2.2, not all browsers implement X-Frame-Options in exactly the same way, which can lead to unintended results. And, given that the "X-" construction is deprecated [RFC6648], the X-Frame-Options header field will be replaced in the future by the Frame-Options directive in the Content Security Policy (CSP) version 1.1 [CSP-1-1]. [RFC 7034]
The CSP frame-ancestors directive should be implemented so that the WebUI adheres to current security best practices and does not depend on a deprecated feature in the future.
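The precedence rule quoted above (frame-ancestors enforced, X-Frame-Options ignored when both are present) is easy to get wrong when checking a server's response headers. The following added example, which is not Impala's code, models that rule over a plain header dict and also builds the transitional header pair a defender would send while older browsers still need X-Frame-Options. The header names and the CSP/X-Frame-Options values are as on the page; the function names and the sample responses are constructed for the example.

```python
"""Framing-policy precedence check and transitional header builder.

Added example (not Impala's code). Implements the rule from the issue:
when a response carries both a Content-Security-Policy frame-ancestors
directive and X-Frame-Options, frame-ancestors is enforced and
X-Frame-Options is ignored.
"""


def _get_header(headers, name):
    """Case-insensitive header lookup over a plain dict."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_csp(value):
    """Split a CSP header value into {directive-name: [source, ...]}.

    Directives are ';'-separated; each is a name followed by
    whitespace-separated source expressions. Directive names are
    case-insensitive, so they are lower-cased here.
    """
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        # In CSP the first occurrence of a directive wins; later
        # duplicates are ignored.
        policy.setdefault(name, tokens[1:])
    return policy


def effective_framing_policy(headers):
    """Return (mechanism, sources) describing who may frame the page.

    mechanism is 'frame-ancestors', 'x-frame-options', or None when the
    response carries no framing restriction at all.
    """
    csp = _get_header(headers, "Content-Security-Policy")
    if csp is not None:
        directives = parse_csp(csp)
        if "frame-ancestors" in directives:
            # frame-ancestors present: X-Frame-Options is ignored.
            return ("frame-ancestors", directives["frame-ancestors"])
    xfo = _get_header(headers, "X-Frame-Options")
    if xfo is not None:
        return ("x-frame-options", [xfo.strip().upper()])
    return (None, [])


def transitional_headers(xfo_value):
    """Headers for the migration period.

    Emits the frame-ancestors equivalent of an existing X-Frame-Options
    value while keeping X-Frame-Options for browsers that predate CSP.
    """
    mapping = {"DENY": "'none'", "SAMEORIGIN": "'self'"}
    key = xfo_value.strip().upper()
    if key not in mapping:
        # ALLOW-FROM has no single CSP equivalent and is itself deprecated.
        raise ValueError(f"no frame-ancestors equivalent for X-Frame-Options: {xfo_value}")
    return {
        "Content-Security-Policy": f"frame-ancestors {mapping[key]}",
        "X-Frame-Options": key,
    }


# Constructed sample responses (not captured from a real WebUI).
LEGACY_ONLY = {"X-Frame-Options": "DENY"}
BOTH_HEADERS = {
    "X-Frame-Options": "SAMEORIGIN",
    "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for label, hdrs in (("legacy", LEGACY_ONLY), ("both", BOTH_HEADERS)):
        print(label, effective_framing_policy(hdrs))
    print(transitional_headers("SAMEORIGIN"))
```

Note that in the `BOTH_HEADERS` sample the X-Frame-Options value (`SAMEORIGIN`) disagrees with frame-ancestors (`'none'`); a browser that honours CSP will refuse all framing, which is why the check reports the CSP directive and not the legacy header.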
Issue Links
- duplicates IMPALA-11078 Webui should return a Content-Security-Policy header (Resolved)