To help protect the privacy and security of operators and customers we are implementing security measures that will mean it is no longer possible to load operator websites as part of another webpage.
We continuously review our technical implementations to ensure they align with modern best security practices. A recent review identified that we could make some improvements to our security measures against clickjacking.
Clickjacking is a malicious technique that attempts to trick users into interacting with something different than they were expecting by displaying a trusted website in a frame on a website behind a transparent interface. One of the best defences against clickjacking is to tell browsers not to allow your website to be loaded in a frame.
As with all security recommendations there is a usability trade-off. There may be legitimate use cases for embedding your website on URLs you control. If you would like us to make an exception for trusted URLs please let your Customer Success Manager know.
An example of when an operator website might be loaded as a part of another webpage could be an interactive touchscreen displaying the website as part of another interface.
This change will be released on Monday, 31st July 2023.