Apparently since fixing this problem
https://support.safe.com/hc/en-us/articles/25407612007949-Known-Issue-FME-Flow-Apache-Tomcat-Vulnerability-with-X-Frame-Options-header
In FME Flow 2025.1, embedding FME Flow content to other pages is disabled entirely by default.
Is there any chance to allow embedding from known sources or is embedding considered so risky that this would not be even considered?