Vulnerable to clickjacking
<!DOCTYPE html>
<html>
<body>
<h1>The iframe element</h1>
<iframe src=“https://localhost/Cockpit/” title=“iframe test”>
</iframe>
</body>
</html>
2) Open with firefox and note that the frame is loaded which is potential to clickjacking due to missing x-frame-options security headers