1

See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.y-kimie.jp%2Fyanagisawa.html&ref_sel=GSP2&ua_sel=ff&fs=1
see: http://toolbar.netcraft.com/site_report?url=http://www.y-kimie.jp
MX issue: https://threatintelligenceplatform.com/report/y-kimie.jp/U57G9jAvEc
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.y-kimie.jp
given clean: https://www.quttera.com/detailed_report/www.y-kimie.jp
Not many best practices: https://en.internet.nl/domain/www.y-kimie.jp/89953/
and https://ipwiki.co/y-kimie.jp.html

Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An "X-Frame-Options" header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from a trusted URIs.

Result
It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

Just Fortinet’s so FP? → https://virustotal.com/#/url/ccbf52563163774dafcd36ff487b8457357f1d25ff5954d54e6863c2dfb406db/detection
Or is it with Spry.Utils from Adobe’s?
error in -http://www.y-kimie.jp/SpryAssets/demos/gallery_pe/includes/SprySlideShowControl.js

found JavaScript error: undefined variable Spry.Utils error: line:1: SyntaxError: missing ; before statement: error: line:1: var Spry.Utils = 1; error: line:1: ....^
Ensure your variables actually contain values before attempting to output them, Info credits: EmuX

polonus