Facing this error while submit APP App must set security headers to protect against clickjacking

I have built public APP in PHP while i have submit the APP below issue for reject the APP

App must set security headers to protect against clickjacking

1. App must set security headers to protect against clickjacking.
   To prevent clickjacking attacks, your app must set the proper content security policy directive. If your app is not embedded in an Iframe in the Shopify admin, and you are seeing this message, check your app's settings and make sure it is set to "non-embedded." If your app is embedded, then we expect the 'Content-Security-Policy' header to be frame-ancestors https://admin.shopify.com https://[shop].myshopify.com, where [shop] is dynamically set to the shop domain the app is embedded on.
   
   I have used below code in php header

header('Content-Security-Policy: frame-ancestors ' . $shopurl . ' admin.shopify.com;');

How i can test for above code before re-submit the APP and also let me know i am doing this right