iframes and cross origin issues are browser concepts, the proxy see all requests individually and cannot see the "whole picture" with interrelations between them.
You can disable or cut out iframe out of the html page but is an advanced feature, I haven't seen many customers that do this.
Websockets are allowed by default, but you can block websocket connections with a special rule.
Was my response useful to you? If so, please consider marking it as an Accepted Solution and/or giving it a Kudo to help other community members.