How to allow to be embedded in an iFrame only from specific websites in Qlik Sense for Windows.
Environment
Qlik Sense Enterprise on Windows
Resolution
This can be done with X-Frame-Options and Content-Security-Policy.
See X-Frame-Options (Mozilla) and Content-Security-Policy (Mozilla).
A possible example:
In the virtual proxy, in "additional response headers", add the following:
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' https://qlikserver2.domain.local
The above will only allow Qlik Sense to be embedded in an iframe from https://qlikserver2.domain.local.