diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e3ea8b375f..08a552cb6b 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -56,50 +56,9 @@ class ApplicationController < ActionController::Base
   end
 
   def enable_embedded_shopfront
-    return unless embeddable?
-    return if embedding_without_https?
-
-    response.headers.delete 'X-Frame-Options'
-    response.headers['Content-Security-Policy'] = "frame-ancestors 'self' #{URI(request.referer).host.downcase}"
-
-    check_embedded_request
-    set_embedded_layout
-  end
-
-  def embedded_shopfront_referer
-    return if request.referer.blank?
-    domain = URI(request.referer).host.downcase
-    domain.start_with?('www.') ? domain[4..-1] : domain
-  end
-
-  def embeddable?
-    domain = embedded_shopfront_referer
-    return true if domain == request.host
-
-    whitelist = Spree::Config[:embedded_shopfronts_whitelist]
-    Spree::Config[:enable_embedded_shopfronts] && whitelist.present? && domain.present? && whitelist.include?(domain)
-  end
-
-  def embedding_without_https?
-    request.referer && URI(request.referer).scheme != 'https' && !Rails.env.test? && !Rails.env.development?
-  end
-
-  def check_embedded_request
-    return unless params[:embedded_shopfront]
-
-    # Show embedded shopfront CSS
-    session[:embedded_shopfront] = true
-
-    # Get shopfront slug and set redirect path
-    if params[:controller] == 'enterprises' && params[:action] == 'shop' && params[:id]
-      slug = params[:id]
-      session[:shopfront_redirect] = '/' + slug + '/shop?embedded_shopfront=true'
-    end
-  end
-
-  def set_embedded_layout
-    return unless session[:embedded_shopfront]
-    @shopfront_layout = 'embedded'
+    embed_service = EmbeddedPageService.new(params, session, request, response)
+    embed_service.embed!
+    @shopfront_layout = 'embedded' if embed_service.use_embedded_layout
   end
 
   def action
diff --git a/app/services/embedded_page_service.rb b/app/services/embedded_page_service.rb
new file mode 100644
index 0000000000..b4ab2372cc
--- /dev/null
+++ b/app/services/embedded_page_service.rb
@@ -0,0 +1,90 @@
+# Processes requests for pages embedded in iframes
+
+class EmbeddedPageService
+  attr_reader :use_embedded_layout
+
+  def initialize(params, session, request, response)
+    @params = params
+    @session = session
+    @request = request
+    @response = response
+
+    @embedding_domain = @session[:embedding_domain]
+    @use_embedded_layout = false
+  end
+
+  def embed!
+    return unless embeddable?
+    return if embedding_without_https?
+
+    process_embedded_request
+    set_response_headers
+    set_embedded_layout
+  end
+
+  private
+
+  def embeddable?
+    return true if current_referer == @request.host
+
+    domain = current_referer_without_www
+    whitelist = Spree::Config[:embedded_shopfronts_whitelist]
+
+    embedding_enabled? && whitelist.present? && domain.present? && whitelist.include?(domain)
+  end
+
+  def embedding_without_https?
+    @request.referer && URI(@request.referer).scheme != 'https' && !Rails.env.test? && !Rails.env.development?
+  end
+
+  def process_embedded_request
+    return unless @params[:embedded_shopfront]
+
+    set_embedding_domain
+
+    @session[:embedded_shopfront] = true
+    set_logout_redirect
+  end
+
+  def set_response_headers
+    @response.headers.delete 'X-Frame-Options'
+    @response.headers['Content-Security-Policy'] = "frame-ancestors 'self' #{@embedding_domain}"
+  end
+
+  def set_embedding_domain
+    return unless @params[:embedded_shopfront]
+    return if current_referer == @request.host
+
+    @embedding_domain = current_referer
+    @session[:embedding_domain] = current_referer
+  end
+
+  def set_logout_redirect
+    return unless enterprise_slug
+    @session[:shopfront_redirect] = '/' + enterprise_slug + '/shop?embedded_shopfront=true'
+  end
+
+  def enterprise_slug
+    return false unless @params[:controller] == 'enterprises' && @params[:action] == 'shop' && @params[:id]
+    @params[:id]
+  end
+
+  def current_referer
+    return if @request.referer.blank?
+    URI(@request.referer).host.downcase
+  end
+
+  def current_referer_without_www
+    return unless current_referer
+    current_referer.start_with?('www.') ? current_referer[4..-1] : current_referer
+  end
+
+  def set_embedded_layout
+    return unless @session[:embedded_shopfront]
+    @use_embedded_layout = true
+  end
+
+  def embedding_enabled?
+    Spree::Config[:enable_embedded_shopfronts]
+  end
+end
diff --git a/spec/requests/embedded_shopfronts_headers_spec.rb b/spec/requests/embedded_shopfronts_headers_spec.rb
index 6d6ea4b9f6..6428b009be 100644
--- a/spec/requests/embedded_shopfronts_headers_spec.rb
+++ b/spec/requests/embedded_shopfronts_headers_spec.rb
@@ -48,7 +48,7 @@ describe "setting response headers for embedded shopfronts", type: :request do
       end
 
       it "allows iframes on certain pages when enabled in configuration" do
-        get shops_path
+        get enterprise_shop_path(enterprise) + '?embedded_shopfront=true'
 
         expect(response.status).to be 200
         expect(response.headers['X-Frame-Options']).to be_nil
@@ -69,7 +69,7 @@ describe "setting response headers for embedded shopfronts", type: :request do
       end
 
       it "matches the URL structure in the header" do
-        get shops_path
+        get enterprise_shop_path(enterprise) + '?embedded_shopfront=true'
 
         expect(response.status).to be 200
         expect(response.headers['X-Frame-Options']).to be_nil