Does you website have a security policy? Using a tool like webpagetest.org can help you figure out your security score. Typically if you don’t have a content security policy your score will fail. Now just passing the test is one thing, but enabling your site to be more secure can be confusing, inconvenient, and not always easy to do.
Depending on the strictness of your website you really can “Lock Down” your website.
Some things to consider with Dev.Land is we now offer a “CSP” (Content Security Policy) which can be loose up to Locked Down. Our method is Loose will pass tests, but if you want to take advantage of the CSP you will need to consider disabling iframes and object code booth of those are a bit ancient. Iframe used to be the only way to embed another page, and was widely used, however it did cause some site to be requested for bad things, which is why they are in general kind of being banned by most use cases.
As for object code, I might date myself but I know of its last use was for flash .swf files to be embedded, and also some unique java applets were configured with object code, which I think again is a really old thing so in most cases if you are logging uses with iframe analytics code you might want to review your vendors.