IFrame limitations

Optimizely Configured Commerce does not support setting SameSite cookies as None; Secure to render inside an iframe in some procurement platforms.

Configured Commerce uses SameSite cookies to authenticate with the APIs. Setting these cookies to None instead of Lax or Strict would limit API functionality.

If you are using PunchOut, you should render as a pop-up window.