Many websites prevent embedding in iframes for security reasons:

• X-Frame-Options headers block embedding to prevent clickjacking attacks
• Content Security Policy (CSP) with frame-ancestors restricts which sites can embed content
• JavaScript can detect and block iframe embedding

Sites that typically provide embeddable content:

• YouTube, Vimeo, and other video platforms (via their embed URLs)
• Google Maps, OpenStreetMap
• Social media embed widgets (Twitter, Instagram)
• Code playgrounds (CodePen, JSFiddle)

For your own websites, you can control iframe embedding with headers:

X-Frame-Options: ALLOW-FROM https://your-trusted-site.com