Essentially I would like to provide UI/Interface like this app:
<iframe src="shopify-url" /> does not work for security reasons.
How does the example above work?
In the example, the preview is being served from the app's backend.
One possibility is, the app's server makes a request to get the store, modifies it's headers i.e 'X-Frame-DENY' etc and then sends it to the app frontend.