I can't display my website in an website element

 Issue: The customer's website is blocking embedding into an iFrame due to its security settings.

 Purpose of Security Settings: These settings prevent clickjacking attacks and ensure that the site's content is not embedded into other sites without permission.

 Solution: The customer's web admin needs to adjust these settings to allow embedding.

 Check 'X-Frame-Options': This header controls whether a browser should allow a page to be rendered in an iFrame. It can be set to DENY, SAMEORIGIN, or ALLOW-FROM.

 Check Content Security Policy (CSP): CSP can also prevent a page from being loaded in an iFrame. Look for the frame-ancestors directive.

 Allow from Specific Domain: Set the header to ALLOW-FROM https://go.plural.io to allow embedding on your specific domain.

 Allow from Same Origin: If both sites are on the same domain, set it to SAMEORIGIN.

 Modify frame-ancestors Directive: Add your domain to the frame-ancestors directive in the CSP header. For example, frame-ancestors 'self' https://go.plural.io;.

 Server Configuration: These headers are usually set in the web server configuration (e.g., Apache, Nginx) or in the application code (e.g., PHP, Node.js).

 Testing: After making changes, test by embedding the site in an iFrame on your platform.

 Security Implications: Understand that allowing a website to be embedded can have security implications. It should be done only if necessary and with understanding of the risks.

 Communicate Clearly: Make sure to explain why these changes are needed and how they will benefit both parties.

 Security Awareness: Emphasize that these changes should be made with a clear understanding of the security implications.