Clickjacking
This type of attack tricks a user into unknowingly clicking a hidden button or link on an embedded website. It is done by leveraging an iframe or frame, either of which can embed one web page within another. Data can be stolen, actions can be executed, or a user's interactions can be hijacked.
Django X-Frame-Options Header
In settings.py the following can be configured to prevent clickjacking:
DENY
prevents the page from being displayed in a frame or iframe, regardless of which site embeds it.
X_FRAME_OPTIONS = 'DENY'
SAMEORIGIN
allows the page to be embedded only when the framing site has the same origin.
X_FRAME_OPTIONS = 'SAMEORIGIN'
The above should get you the green check mark from DJ Checkup and make your site more secure.
Alternatively, one could implement a Content Security Policy. This easily deserves its own article and can go pretty deep into the weeds. Here are a few links to check out in the meantime: django-csp
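As an added example (not code from this post, Django, or DJ Checkup), here is the kind of header check a clickjacking scanner performs: it reports whether a response's X-Frame-Options header or its Content-Security-Policy frame-ancestors directive blocks third-party framing, including the caveat that a frame-ancestors directive overrides X-Frame-Options in current browsers. The sample header sets are constructed; the setting X_FRAME_OPTIONS and the XFrameOptionsMiddleware named in the comments are Django's real names for what produces the header.

```python
"""Added example (not Django's or DJ Checkup's code): decide from response headers whether third-party sites can frame a page."""
from dataclasses import dataclass

@dataclass
class FramingPolicy:
    protected: bool  # True if arbitrary third-party sites cannot frame the page
    source: str      # header that decided the outcome
    detail: str      # the value that was evaluated

def _csp_directives(value):
    """Split a Content-Security-Policy value into {directive: [lowercased tokens]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives

def assess_framing(headers):
    """headers: mapping of response header name -> value (names are case-insensitive)."""
    lowered = {name.lower(): value for name, value in headers.items()}
    # CSP Level 2: when frame-ancestors is present, browsers ignore X-Frame-Options,
    # so it is checked first even if X-Frame-Options says DENY.
    csp = lowered.get("content-security-policy")
    if csp is not None:
        ancestors = _csp_directives(csp).get("frame-ancestors")
        if ancestors is not None:
            # '*' or a bare scheme source lets any site on that scheme frame the page.
            protected = not any(a in {"*", "http:", "https:"} for a in ancestors)
            return FramingPolicy(protected, "Content-Security-Policy",
                                 "frame-ancestors " + " ".join(ancestors))
    xfo = lowered.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return FramingPolicy(True, "X-Frame-Options", xfo.upper())
    if xfo.startswith("allow-from"):
        # Obsolete token: current browsers treat the header as invalid and allow framing.
        return FramingPolicy(False, "X-Frame-Options", xfo)
    return FramingPolicy(False, "none", "no framing restriction found")

# Constructed sample responses (not captured from a real site).
SAMPLES = {
    # What Django emits with XFrameOptionsMiddleware enabled and X_FRAME_OPTIONS = 'DENY'
    "django_deny": {"X-Frame-Options": "DENY"},
    "unprotected": {"Content-Type": "text/html"},
    "csp_overrides_xfo": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
}
```

Running `assess_framing` over each entry of `SAMPLES` shows that the setting alone is not the whole story: a permissive frame-ancestors added elsewhere (for example by a proxy) reopens a page that Django marked DENY.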