To allow more than one website, perform the steps as shown in Adding a trusted site to allow iFrame.
Procedure
<init-param> <param-name>antiClickJackingUris</param-name> <param-value>http://website-a.com, http://website-b.com:9999 </param-value> </init-param>
<init-param> <param-name>policy</param-name> <param-value>frame-ancestors http://website-a.com http://website-b.com 'self' </param-value> </init-param>