We have found that releases of H2O flow after v3.18 have hardcoded a response header which is preventing the notebook from displaying in an iframe. The specific response header is:
Denying all requests to display H2O flow in an iframe hurts the open source nature of this product and hampers adoption. Having the option to set this to SAMEORIGIN would fix this for a lot of users. We would like to avoid brittle workarounds such as nginx configuration changes to accommodate use of the product.