Clickjacking vulnerability
Reported by harsh0707051mail@gmail.com, chaskar87@gmail.com and https://gitlab.zendesk.com/agent/#/tickets/209.
http://javascript.info/tutorial/clickjacking#x-frame-options
I suggest to solve this by moving the static hosting from S3 to a VPS running nginx.