When trying to embed the entire SWZ portal into an iFrame I get the following error:

Refused to frame 'https://btp-tenant.workzone.cfapps.eu10.hana.ondemand.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://teams.microsoft.com https://btp-tenant.cpp.cfapps.eu10.hana.ondemand.com https://btp-tenant.launchpad.cfapps.eu10.hana.ondemand.com https://btp-tenant.workzone.cfapps.eu10.hana.ondemand.com https://btp-tenant.workzonehr.cfapps.eu10.hana.ondemand.com https://btp-tenant.mobile.workzone.cfapps.eu10.hana.ondemand.com https://btp-tenant.mobile.workzonehr.cfapps.eu10.hana.ondemand.com".

The list in the frame-ancestors is a list of SWZ trusted domains. Thus, for instance, I can embed the same SWZ portal into MS Teams. This works because https://teams.microsoft.com is already on the trusted domains list above.

Worth mentioning, this is a different trusted domain list from the list of the trusted domains maintained in SWZ's SAP IAS. The latter is used when embedding 3rd party content into SWZ.

Q. So the question is how do I get added any custom domain to the list of trusted domains to embed SWZ into?

You have to edit the list of relevant security headers in the site manager settings as depicted in the screenshot below. Then you can embed SWZ in your website;

 Voila; that's it.

The following links were helpful:

https://help.sap.com/docs/build-work-zone-standard-edition/sap-build-work-zone-standard-edition/security

https://help.sap.com/docs/build-work-zone-standard-edition/sap-build-work-zone-standard-edition/using-security-headers

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy