Popup mode opens blocked sites in a real top-level window. Device emulation mode adds UA, DPR, touch, and mobile viewport behavior when run locally.
CentriPOS Embed Checklist
- Set `Content-Security-Policy: frame-ancestors 'self' https://frame.getcentri.com`
- Remove `X-Frame-Options: DENY` or `SAMEORIGIN` if present
- Use auth cookies with `SameSite=None; Secure` for iframe login flows
If CentriPOS stays in popup mode only, these header and cookie changes are not required for basic responsive testing.
The deployed Cloudflare site provides responsive framing and popup testing. Full device emulation runs locally through Playwright.