Preventing a page from being shown outside an iframe

javascript

To prevent a webpage from being displayed outside of an iframe, you can use the X-Frame-Options header. This header allows a site to control whether or not its pages can be loaded in a frame or iframe on another site.

There are three possible values for the X-Frame-Options header:

  1. DENY - This option instructs the browser to deny any attempt to load the page in a frame or iframe, regardless of the site trying to load it.

  2. SAMEORIGIN - This option allows the page to be loaded in a frame or iframe only if the request originated from the same origin as the page itself. For example, if the page is hosted on https://example.com, it can be loaded in a frame or iframe only if the request also originated from https://example.com.

  3. ALLOW-FROM uri - This option allows the page to be loaded in a frame or iframe only if the request originated from the specified URI. For example, ALLOW-FROM https://example.com would allow the page to be loaded in a frame or iframe only if the request came from https://example.com.

To set the X-Frame-Options header for a webpage, you can add it to the HTTP response headers sent by the server. Here is an example of how to set the header to DENY:

X-Frame-Options: DENY

You can set this header in a number of ways depending on your server configuration, such as by adding it to the .htaccess file or by using server-side scripting languages such as PHP or Python.

It’s important to note that not all browsers support the X-Frame-Options header, and some older browsers may not enforce it correctly. Therefore, it’s a good practice to also use other methods, such as JavaScript checks, to ensure that the page is only being displayed in an iframe on your own site.
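The three options above as server-side code, in an added example that is not part of the original page: each X-Frame-Options value is paired with the equivalent Content-Security-Policy `frame-ancestors` directive, which current browsers enforce and which covers the `ALLOW-FROM` case in browsers that ignore that value. The function names `framingHeaders`, `normalizeOrigin` and `applyFramingHeaders` are hypothetical, and `res` is assumed to be a Node.js `http.ServerResponse`.

```javascript
// Added example (not from the original page). Function names are hypothetical.

// Reduce a URL to its origin (scheme://host[:port]) and accept http(s) only,
// so paths, other schemes and stray characters never reach the header value.
function normalizeOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    throw new Error(`not a valid URL: ${value}`);
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error(`unsupported scheme for a framing origin: ${url.protocol}`);
  }
  return url.origin;
}

// Map one of the three X-Frame-Options values to the headers to send.
// frame-ancestors is the CSP directive that expresses the same restriction.
function framingHeaders(policy, allowedOrigin) {
  switch (policy) {
    case 'DENY':
      return { 'X-Frame-Options': 'DENY',
               'Content-Security-Policy': "frame-ancestors 'none'" };
    case 'SAMEORIGIN':
      return { 'X-Frame-Options': 'SAMEORIGIN',
               'Content-Security-Policy': "frame-ancestors 'self'" };
    case 'ALLOW-FROM': {
      const origin = normalizeOrigin(allowedOrigin);
      return { 'X-Frame-Options': `ALLOW-FROM ${origin}`,
               'Content-Security-Policy': `frame-ancestors ${origin}` };
    }
    default:
      throw new Error(`unknown framing policy: ${policy}`);
  }
}

// Set the headers on a response object; `res` is assumed to expose
// setHeader(name, value) as Node.js http.ServerResponse does.
function applyFramingHeaders(res, policy, allowedOrigin) {
  const headers = framingHeaders(policy, allowedOrigin);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  return headers;
}
```

In a Node.js server, call `applyFramingHeaders(res, 'SAMEORIGIN')` before writing the response body.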