When working on this, we need to control the circumstances where embedding is possible. Allowing embedding across the board without limitations could have security implications. Security scanner tools like Nessus complains about the current headers sent by Web Access, saying that there is a potential vulnerability to “Clickjacking”: https://www.tenable.com/plugins/nessus/85582 In short, headers “X-Frame-Options” or “Content-Security-Policy” could possibly give us the control we need: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy