Cross site scripting is frowned upon however there are times when you need to display the content of one site in the iFrame of another. An example is a war board showing a result set of data used for an operations team to monitor. This can be things like new support requests.
The host can block this by setting the following header in the response:
If this is set you can stand on your head but your iFrame will not display the content:
--- include jquery
You can removed the configuration from the server (if you have access)
--- IIS (I have not tried this but saw it on SO, linked below)
If this is for a warboard and you and not hijacking somebody’s website you can install a browser plug, example for chrome is ‘Ignore X-Frame headers’