|Did you come here looking for an answer to this question? If so, YOU ARE IN LUCK. We have lots of answers to this question. I am sure you can find one that fits your requirements.
NOTE: all of the answers below are real. QSACs really said these things (not just a QSA, but the lead/principal/guru)!
Double NOTE: The REAL answer to this question is actually in official PCI documentation now. The Dec2022 version of the v4.0 SAQ A has the answers. 6.4.3 (and 11.6.1) are applicable to more than the “payment page” and are applicable to the merchant’s page which hosts the iframe.
And if you would like to add YOUR answer to the question, please forward it along and I will include it anonymously. Or not anonymously if you want.