ASP.Net MVC 5 automatically adds a HTTP header called X-Frame-Options with the value SAMEORIGIN to your web application. That header is intended to prevent click jacking and makes sure your site can’t be loaded in an IFrame. You can find more information about this header here.