This is how you add the x-frame-options header to your page in ASP. This can also be done in IIS.
Using the x-frame-options header will prevent your page from being displayed inside another frame, discouraging click-jacking. There are a few different ways to set it up.
1. Your first option is to deny ALL attempts to frame your page.
<% Response.AddHeader "X-FRAME-OPTIONS", "DENY" %>
2. The second option denies ALL attempts to frame your page by any another website not your own.
<% Response.AddHeader "X-FRAME-OPTIONS", "SAMEORIGIN" %>
3. The third option specifies exactly which websites can frame your page. While this option is likely the one you’d use, it is not supported by all browsers such as Chrome and Safari. 🙁
Good thing there is an online test to see which of these your browser supports.
<% Response.AddHeader "X-FRAME-OPTIONS", "Allow-From https://examplesite.com" %>