How to prevent opening your site inside iframe of another domain (X-Frame-Options)

3 November 2022

Configure your IIS (web.config) to disallow iframe embeding of your content from another web sites

c#MVCIIS 
<system.webServer>
  …

  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>

  …
</system.webServer>

You can also disable embeding from any source with X-Frame-Options: DENY

External resources: