One common way to embed a JavaScript application in a web page is using
iframe.
Assuming the application is accessible from https://example.com/my-app and the embedding page is
https://example.com/content, the embedding code in the embedding page would look like this:
This is a companion discussion topic for the original entry at https://8hob.io/posts/restrict-access-to-js-app-embedded-via-iframe