diff --git a/next.config.js b/next.config.js
index 7ba1a7ea..e004566a 100644
--- a/next.config.js
+++ b/next.config.js
@@ -2,13 +2,18 @@
 require('dotenv').config();
 const pkg = require('./package.json');
 
+const CLOUD_URL = 'https://cloud.umami.is';
+
+// Space-separated list of URLs that can load the "Share" dashboard, i.e. http://app.localhost:7000 https://*.vercel.app
+const EMBED_HOSTED_URL = process.env.EMBED_HOSTED_URL;
+
 const contentSecurityPolicy = `
   default-src 'self';
   img-src *;
   script-src 'self' 'unsafe-eval';
   style-src 'self' 'unsafe-inline';
   connect-src 'self' api.umami.is;
-  frame-ancestors 'self';
+  frame-ancestors `self ${EMBED_HOSTED_URL}`;
 `;
 
 const headers = [