We are looking at embedding SharePoint Online pages in an iframe. There is documentation that explains that doing so is not possible because of clickjacking threats. Now, we have found that a page that is created in SharePoint Online actually gets rendered in an iframe but as documented not the allitems.aspx page. Is what we observed the expected behavior? We are not finding documentation about this.