diff --git a/src/Yesod/Csp.hs b/src/Yesod/Csp.hs
--- a/src/Yesod/Csp.hs
+++ b/src/Yesod/Csp.hs
@@ -130,6 +130,7 @@
                  | ObjectSrc SourceList
                  | MediaSrc SourceList
                  | FrameSrc SourceList
+                 | FrameAncestors SourceList
                  -- | Applies a sandbox to the result. <http://content-security-policy.com/ See here> for more info.
                  | Sandbox [SandboxOptions]
                  | ReportUri EscapedURI deriving (Eq, Show, Data, Typeable)
@@ -150,6 +151,7 @@
 textDirective (ObjectSrc x) =  w "object-src" x
 textDirective (MediaSrc x) =  w "media-src" x
 textDirective (FrameSrc x) =  w "frame-src" x
+textDirective (FrameAncestors x) =  w "frame-ancestors" x
 textDirective (ReportUri t) = mconcat ["report-uri ", (pack . show) t]
 textDirective (Sandbox []) = "sandbox"
 textDirective (Sandbox s) = mconcat ["sandbox ", T.unwords . fmap textSandbox $ s]
diff --git a/src/Yesod/Csp/Example.hs b/src/Yesod/Csp/Example.hs
--- a/src/Yesod/Csp/Example.hs
+++ b/src/Yesod/Csp/Example.hs
@@ -5,7 +5,6 @@
 -- | Assorted examples demonstrating different policies.
 module Yesod.Csp.Example where
 
-import           Data.Generics.Uniplate.Data
 import           Data.List.NonEmpty
 import           Data.Maybe
 import           Yesod                       hiding (get)
@@ -103,25 +102,17 @@
 cdn :: Source
 cdn = Host (fromJust $ escapeAndParseURI "https://cdn.com")
 
+
 getExample8R :: Handler Html
 getExample8R = do
-  let policy = [csp|script-src 'self'|]
-  cspPolicy $ addCdn <$> policy
-  defaultLayout [whamlet|wooo|]
-  where addCdn = transform f
-        f (ScriptSrc x) = ScriptSrc $ cdn <| x
-        f x = x
-
-getExample9R :: Handler Html
-getExample9R = do
   cspPolicy [csp|script-src 'nonce-foo'|]
   defaultLayout $ [whamlet|
     <script nonce="foo">
       alert("ayyyy");
   |]
 
-getExample10R :: Handler Html
-getExample10R = do
+getExample9R :: Handler Html
+getExample9R = do
   let n = "foo"
   cspPolicy [csp|script-src $nonce-n|]
   defaultLayout $ [whamlet|
@@ -129,14 +120,24 @@
       alert("ayyyy");
   |]
 
-getExample11R :: Handler Html
-getExample11R = do
+getExample10R :: Handler Html
+getExample10R = do
   let n = "bar"
   cspPolicy [csp|script-src $nonce-n|]
   defaultLayout $ [whamlet|
     <script nonce="foo">
       alert("ayyyy");
   |]
+
+getExample11R :: Handler Html
+getExample11R = do
+  let google = fromJust (escapeAndParseURI "https://google.ie")
+  cspPolicy [FrameAncestors (Host google :| [])]
+  defaultLayout $
+    [whamlet|
+      I should only be iframe-able by Google!
+    |]
+
 
 -- | Run a webserver to serve these examples at /1, /2, etc.
 runExamples :: IO ()
diff --git a/src/Yesod/Csp/TH.hs b/src/Yesod/Csp/TH.hs
--- a/src/Yesod/Csp/TH.hs
+++ b/src/Yesod/Csp/TH.hs
@@ -103,6 +103,7 @@
                  <|> objectSrc
                  <|> mediaSrc
                  <|> frameSrc
+                 <|> frameAncestors
   where defaultSrc = d "default-src" DefaultSrc
         scriptSrc = d "script-src" ScriptSrc
         styleSrc = d "style-src" StyleSrc
@@ -112,6 +113,7 @@
         objectSrc = d "object-src" ObjectSrc
         mediaSrc = d "media-src" MediaSrc
         frameSrc = d "frame-src" FrameSrc
+        frameAncestors = d "frame-ancestors" FrameAncestors
         d x y = string x >> s >> slist >>= mkWithSource y
         slist = sepBy1 source (char ' ')
         s = spaces
diff --git a/test/Test.hs b/test/Test.hs
--- a/test/Test.hs
+++ b/test/Test.hs
@@ -28,24 +28,24 @@
   ydescribe "Generation" $ do
     yit "works" $ do
       let header = getCspPolicy [ScriptSrc (Self :| []), StyleSrc (Https :| [Self])]
-      assertEqual "simple header" header "script-src 'self'; style-src https: 'self'"
+      assertEq "simple header" header "script-src 'self'; style-src https: 'self'"
     yit "works with domains" $ do
       let dom = fromJust $ escapeAndParseURI "https://foo.com/bar *"
           header = getCspPolicy [ScriptSrc (Host dom :| [])]
-      assertEqual "foo.com script-src" header "script-src https://foo.com/bar%20%2A"
+      assertEq "foo.com script-src" header "script-src https://foo.com/bar%20%2A"
     yit "works with nonce-source" $ do
       let header = getCspPolicy [ScriptSrc (nonce "foo" :| [])]
-      assertEqual "basic nonce-source" header "script-src 'nonce-foo'"
+      assertEq "basic nonce-source" header "script-src 'nonce-foo'"
     yit "works with report_uri" $ do
       let dom = fromJust $ escapeAndParseURI "https://foo.com"
           header = getCspPolicy [ReportUri dom]
-      assertEqual "report-uri" header "report-uri https://foo.com"
+      assertEq "report-uri" header "report-uri https://foo.com"
     yit "enforces wildcards" $ do
       let header = getCspPolicy [ScriptSrc (Wildcard :| [Https])]
-      assertEqual "* should be alone" header "script-src *"
+      assertEq "* should be alone" header "script-src *"
     yit "enforces nones" $ do
       let header = getCspPolicy [ScriptSrc (None :| [Https])]
-      assertEqual "none should be alone" header "script-src 'none'"
+      assertEq "none should be alone" header "script-src 'none'"
   ydescribe "Headers" $
     yit "get set" $ do
       get HomeR
@@ -53,38 +53,38 @@
   ydescribe "Sandboxes" $ do
     yit "works when empty" $ do
       let header = getCspPolicy [Sandbox []]
-      assertEqual "empty sandbox" header "sandbox"
+      assertEq "empty sandbox" header "sandbox"
     yit "works when not empty" $ do
       let header = getCspPolicy [Sandbox [AllowForms, AllowScripts]]
-      assertEqual "empty sandbox" header "sandbox allow-forms allow-scripts"
+      assertEq "empty sandbox" header "sandbox allow-forms allow-scripts"
   ydescribe "Parsing" $ do
     yit "works" $ do
-      assertEqual "*" (parseOnly source "*") (Right Wildcard)
-      assertEqual "nonce" (parseOnly source "'nonce-foo'") (Right $ nonce "foo")
-      assertEqual "none" (parseOnly source "'none'") (Right None)
-      assertEqual "self" (parseOnly source "'self'") (Right Self)
-      assertEqual "data:" (parseOnly source "data:") (Right DataScheme)
-      assertEqual "https://foo.com" (parseOnly source "https://foo.com") (Right $ Host (fromJust (escapeAndParseURI "https://foo.com")))
-      assertEqual "https:" (parseOnly source "https:") (Right Https)
-      assertEqual "unsafe-inline" (parseOnly source "unsafe-inline") (Right UnsafeInline)
-      assertEqual "unsafe-eval" (parseOnly source "unsafe-eval") (Right UnsafeEval)
-      assertEqual "default-src self data:" (parseOnly withSourceList "default-src 'self' data:") (Right $ DefaultSrc (Self :| [DataScheme]))
-      assertEqual "report-uri http://hello.com" (parseOnly reportUri "report-uri http://hello.com") (Right $ ReportUri (fromJust (escapeAndParseURI "http://hello.com")))
-      assertEqual "sandbox allow-forms allow-scripts" (parseOnly sandbox "sandbox allow-forms allow-scripts") (Right $ Sandbox [AllowForms, AllowScripts])
+      assertEq "*" (parseOnly source "*") (Right Wildcard)
+      assertEq "nonce" (parseOnly source "'nonce-foo'") (Right $ nonce "foo")
+      assertEq "none" (parseOnly source "'none'") (Right None)
+      assertEq "self" (parseOnly source "'self'") (Right Self)
+      assertEq "data:" (parseOnly source "data:") (Right DataScheme)
+      assertEq "https://foo.com" (parseOnly source "https://foo.com") (Right $ Host (fromJust (escapeAndParseURI "https://foo.com")))
+      assertEq "https:" (parseOnly source "https:") (Right Https)
+      assertEq "unsafe-inline" (parseOnly source "unsafe-inline") (Right UnsafeInline)
+      assertEq "unsafe-eval" (parseOnly source "unsafe-eval") (Right UnsafeEval)
+      assertEq "default-src self data:" (parseOnly withSourceList "default-src 'self' data:") (Right $ DefaultSrc (Self :| [DataScheme]))
+      assertEq "report-uri http://hello.com" (parseOnly reportUri "report-uri http://hello.com") (Right $ ReportUri (fromJust (escapeAndParseURI "http://hello.com")))
+      assertEq "sandbox allow-forms allow-scripts" (parseOnly sandbox "sandbox allow-forms allow-scripts") (Right $ Sandbox [AllowForms, AllowScripts])
     yit "works with lists" $ do
       let result = [ImgSrc $ Self :| [Https], ScriptSrc $ Host (fromJust $ escapeAndParseURI "https://foo.com") :| []]
-      assertEqual "scripts and images" (parseOnly directive "img-src 'self' https:; script-src https://foo.com") (Right result)
+      assertEq "scripts and images" (parseOnly directive "img-src 'self' https:; script-src https://foo.com") (Right result)
       let result = [ImgSrc $ Self :| [DataScheme, Host (fromJust $ escapeAndParseURI "https://foo.com")]]
-      assertEqual "data and hosts" (parseOnly directive "img-src 'self' data: https://foo.com") (Right result)
+      assertEq "data and hosts" (parseOnly directive "img-src 'self' data: https://foo.com") (Right result)
     yit "works with nonces and th" $ do
       let result = [ScriptSrc $ (nonce "foo") :| []]
-      assertEqual "nonces and th" [csp|script-src 'nonce-foo'|] result
+      assertEq "nonces and th" [csp|script-src 'nonce-foo'|] result
     yit "works with dynamic nonces and th" $ do
       let n = "bar"
           result = [ScriptSrc $ (nonce "bar") :| []]
-      assertEqual "dynamic nonces and th" [csp|script-src $nonce-n|] result
+      assertEq "dynamic nonces and th" [csp|script-src $nonce-n|] result
     yit "works with th" $ do
       let result = [ImgSrc $ Self :| [Https], ScriptSrc $ Host (fromJust $ escapeAndParseURI "https://foo.com") :| []]
-      assertEqual "with th" [csp|img-src 'self' https:;  script-src https://foo.com|] result
+      assertEq "with th" [csp|img-src 'self' https:;  script-src https://foo.com|] result
       let url = fromJust $ escapeAndParseURI "https://foo.com"
-      assertEqual "with antiquoting" [csp|img-src 'self' https:; script-src $url|] result
+      assertEq "with antiquoting" [csp|img-src 'self' https:; script-src $url|] result
diff --git a/yesod-csp.cabal b/yesod-csp.cabal
--- a/yesod-csp.cabal
+++ b/yesod-csp.cabal
@@ -2,7 +2,7 @@
 -- documentation, see http://haskell.org/cabal/users-guide/
 
 name:                yesod-csp
-version:             0.2.1.0
+version:             0.2.2.0
 synopsis:            Add CSP headers to Yesod apps
 description:         Add CSP headers to Yesod apps. This helps reduce exposure to XSS attacks and bad assets.
 license:             MIT
@@ -31,7 +31,6 @@
                        , mono-traversable
                        , attoparsec
                        , template-haskell
-                       , uniplate
                        , syb
   hs-source-dirs:      src
   default-language:    Haskell2010
