...
It is possible to identify wether the page has this heady header visiting the external webpage and looking for the existence of this the content-security-policy header:
Trying to embed this webpage as an iframe, the result will be something like the following:
...