is the header line that permits you to use any html, content or object as iframe or frame or whatever in any other website. It comes from the source websate. BUT, all your iframes won't work in the browser with file:// and you will get crazy trying to check what it is happening in your local tests.
Content-Security-Policy: frame-ancestors *
Quick-hotfix: in linux or mac you can use, from the local path of your html, the famous python -m SimpleHTTPServer and try it with http://localhost:8000/<uripath>