Clickjacking vulnerability

Reported by harsh0707051mail@gmail.com, chaskar87@gmail.com and https://gitlab.zendesk.com/agent/#/tickets/209.

http://javascript.info/tutorial/clickjacking#x-frame-options

I suggest to solve this by moving the static hosting from S3 to a VPS running nginx.

/cc @marin @sytse @dzaporozhets