In section Section 5.2.2 Security HTTP Response Headers > X-Frame-Options there is link that leads to private video.
For example, using clever CSS styling users could be tricked into clicking on something that they were not intending (video demo).
Comment From: eleftherias
Thanks @Grez! This is now fixed.