By default the X-Frame-Options header is set to sameorigin, which means the page can be used in a frame as long as the site including it in a frame is the same as the one serving the page. How can this be changed to prevent pages being loaded in an iframe?
You'll need to change the value of X-Frame-Options to 'deny'.
In the CompleteFTP manage, go to
Sites/Settings>HTTP/HTTPS>Advanced HTTP/HTTPS Settings>Custom headers
You can change the value there.