
Which CSP directive is the modern, preferred replacement for `X-Frame-Options` to prevent clickjacking?

  1. frame-src
  2. frame-ancestors ✓ correct
  3. child-src
  4. navigate-to

Explanation: `Content-Security-Policy: frame-ancestors 'none'` prevents any page from framing this one — the modern, more flexible replacement for `X-Frame-Options: DENY`. Unlike `frame-src` (which controls what frames this page can load), `frame-ancestors` controls who can frame this page. It supports multiple trusted origins: `frame-ancestors 'self' https://trusted.example.com`. `X-Frame-Options` is still sent for older browser compatibility, but CSP `frame-ancestors` takes precedence in supporting browsers.

`frame-ancestors` in CSP supersedes `X-Frame-Options` with finer-grained control.
