Hi @Clinton_Emok in order to allow direct embedding of Bokeh server app sessions in outside sites, a Bokeh server must be configured with the appropriate --allow-websocket-origin options to put the outside site on the allow-list. This is a security precaution similar to prevent cross-site abuse. Your Boke server is receiving, but rejecting, the embed attempt—that’s what the 403 “Forbidden” HTTP return status indicates. See to docs for full details: