Set the directive to DENY.
DENY
Usage
Source
XFrameOptions.deny()
The page cannot be displayed in a frame, regardless of the site attempting to do so.