Provide a trusted white list of trusted cross domain url's for iFrame embedding of SharePoint Online content
We have many on prem sites who's content we embed in other on prem sites. Even with embed content from other sources it seems that On Prem SP2013 is more forgiving. I guess this is a security thing. We are breaking many of our pages with embedded SharePoint content as we migrate that embed content to SharePoint Online. Seems a reasonable tenant level setting would be to provide a list of trusted cross domain URL's, In our case it would be the on-prem parent site with the embed), for iframing and adjust x-Frame Options header accordingly.