Does DX NetOps Portal use iFrames in any capacity?

Release : 22.2

We use X-FRAME-OPTIONS: SAMEORIGIN and Content-Security-Policy that says same src.
We disable loading files from external sites with the default custom headers which customer can change.

Generate URL can generate a URL that can be used in an iframe elsewhere but the custom headers need to be modified to allow it.

The Allow Iframes setting is obsolete.  The Custom Headers is how to configure security headers for all pages.