An iframe is a tool for embedding external content into a website. It's like a "window within a window" that shows information from other sources. The actual issue is about allowing your app to be rendered as an iFrame.

It can cause several security vulnerabilities, such as:

That's why you don't want to allow external people to use your website as an iFrame (unless it's part of your business logic, in this case, you can ignore this issue).

Disallowing people from rendering your application as an iFrame is quite easy. You'll have to open your Bubble editor, and then navigate to "Settings > General". You'll find a property called "Allow to render the app in a frame/iframe (X-Frame-Options)". Simply define this property to "Block all frames".