Framekiller

Framekiller scripts have largely been replaced by the use of X-Frame-Options and Content-Security-Policy headers, which prevent the page from being loaded in a frame in the first place.

The recommended approach is to block rendering of the window by default and only unblock it after confirming the current window is the main one.

This approach was proposed in 2010 by Gustav Rydstedt, Elie Bursztein, Dan Boneh and Collin Jackson in a paper that highlighted the limitations of existing frame-busting techniques, along with techniques that bypass them.

and the code below should be added after the frame tag:

Historically, the first framekiller scripts were very simple. The logic was to display the page, but check whether the top location is the same as the current page, and replace the top location with the current one if not.

This method, however, can easily be bypassed by blocking execution of the framebuster script from the outer frame.

If the value is empty or not set, the iframe's content will not execute JavaScript, and won't allow top-level navigation.
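The following added example (not code from the original article) contrasts the historical framekiller with the block-by-default approach when the framing page prevents the script from running. The window objects, URLs and the `simulate` helper are constructed for illustration so the logic runs outside a browser.

```javascript
// Added example. Window objects here are constructed stand-ins so the logic
// runs outside a browser; in a page the functions would receive `window`.

// Historical framekiller: page is visible by default, script navigates top.
function legacyFramekiller(win) {
  if (win.top !== win.self) win.top.location = win.self.location;
}

// Recommended pattern: a style rule hides <html> by default; the script
// reveals the page only after confirming it is the top-level window.
function defaultDenyFramekiller(win) {
  if (win.self === win.top) {
    win.document.documentElement.style.display = "block";
  } else {
    win.top.location = win.self.location;
  }
}

// Build a constructed window. `framed` puts a different object at `top`.
function makeWindow(framed, hiddenByDefault) {
  const style = { display: hiddenByDefault ? "none" : "block" };
  const win = {
    location: "https://site.example/account", // constructed URL
    document: { documentElement: { style } },
  };
  win.self = win;
  win.top = framed ? { location: "https://outer.example/" } : win;
  return win;
}

// Run one scenario. `scriptsBlocked` models the outer frame preventing the
// framekiller from executing, the bypass the article describes.
function simulate(killer, framed, scriptsBlocked) {
  const win = makeWindow(framed, killer === defaultDenyFramekiller);
  if (!scriptsBlocked) killer(win);
  const visible = win.document.documentElement.style.display !== "none";
  const bustedOut = framed && win.top.location === win.location;
  return { visible, bustedOut, exposedInFrame: framed && visible && !bustedOut };
}

for (const killer of [legacyFramekiller, defaultDenyFramekiller]) {
  for (const [framed, blocked] of [[false, false], [true, false], [true, true]]) {
    console.log(killer.name, { framed, blocked }, simulate(killer, framed, blocked));
  }
}
```

With the script blocked, the historical version leaves the page visible inside the frame, while the block-by-default version stays hidden. The cost is that the page also stays hidden for a top-level visitor whose browser does not run JavaScript.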