Update frame-ancestor directive to match Content Security Policy Level 3