//https://cgscomputer.com/block-iframes-how-to-stop-your-website-from-being-iframed/
//Deny iFraming of your website to everyone:
header set x-frame-options DENY
//Deny iFraming of your website to everyone except those with the same origin:
header set x-frame-options SAMEORIGIN
//Deny iFraming of your website to everyone except the domains you specify – change domain.com to the domain you wish to allow access to:
header set x-frame-options ALLOW-FROM https://domain.com
//Block iFrames on Apache
header always set x-frame-options "SAMEORIGIN"
//Blocking iFrames on Nginx
header always set x-frame-options "SAMEORIGIN"
//Blocking iFrames on IIS
<system.webServer>
...
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="sameorigin" />
</customHeaders>
</httpProtocol>
...
</system.webServer>