In episode 296 of our weekly Hump Day Hangouts, one participant asked how does the security headings of web hosting affect embeds.
The exact question was:
2) Many hostings now set some security headers by default. I think that may be a problem for embeds. Here is an example – https://imgur.com/a/hGEUEe8 ; also a test on the security headers could be seen on this site https://securityheaders.com/ . Do you have any guidance of what type of headers should be set and if we could test if the headers are compatible. It looks like some people are still victims of hijacking so that's why many websites, hostings and other set security headers etc.