gecko-dev/dom/security/test/general/file_framing_error_pages.sjs

"use strict";

function handleRequest(request, response) {

  response.setHeader("Cache-Control", "no-cache", false);
  response.setHeader("Content-Type", "text/html", false);

  let query = request.queryString;
  if (query === "xfo") {
    response.setHeader("x-frame-options", "deny", false);
    response.write("<html>xfo test loaded</html>");
    return;
  }

  if (query === "csp") {
    response.setHeader("content-security-policy", "frame-ancestors 'none'", false);
    response.write("<html>csp test loaded</html>");
    return;
  }

  // we should never get here, but just in case
  // return something unexpected
  response.write("do'h");
}