I tried adding the following response headers for security reasons.
It is working somehow meaning external website can no longer iframe my website.
However, I am encountering a problem.
On my website, I am loading a modal window in an iframe and that iframe is in https. If my base window is in http, that modal window cannot load even though they are from the same domain.
But if my base window is https, I have no problem loading that https modal window.
Any suggestion to make the https modal work even if my base is on http?
NOTE: The modal MUST be on https due to business requirements.