Test iFrame Security Headers
Should show for known root domain*