For security reason we recommend to configure your iFrame setting to protect your MashZone NextGen installation against clickjacking attacks.
Clickjacking is a vulnerability where an attacker creates a page that uses iFrame to render another page, then creates invisible controls on top of the rendered page that may be able to sniff user input.
General information on the clickjacking attack vector can be found on https://www.owasp.org/index.php/Clickjacking.
MashZone NextGen offers two ways to prevent successful clickjacking attacks. In order to allow iFrame on trusted sites, MashZone NextGen uses X-Frame-Options providing the ALLOW-FROM value. Using this, a website A can configure the header to carry the top level URI of a website B which is allowed to iframe website A. A second way to prevent clickjacking attacks is using the Content-Security-Policy that is supported by most web browsers.
Details on how to use iFrame with MashZone NextGen can be found in Embedding MashZone NextGen in external system environments.