Step 1: Under System, Click Security Kit settings.
Step 2: Under Clickjacking, click X-Frame-Options Header for options.
Step 3: Select an X-Frames-Options HTTP header:
Step 4: SAMEORIGIN – your website can be framed in the same webpage (default option)
DENY – website cannot be displayed in a frame
ALLOW-FROM – website can only be framed within URIs specified below; may not work in newer browsers.
At the bottom, click Save configuration.