See #880: updated CSP, added X-Frame-Options on front-end files, ensure embeds work

6 jobs for 880-header-security in 2 minutes and 55 seconds (queued for 1 second)