{% if landingpage_iframe_enabled | default(applications.get(application_id).get('landingpage_iframe_enabled')) | bool %}
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors 'self' {{primary_domain}};" always;
{% endif %}