The best thing you can do is the following:
if (window.top.location.host != "hostname") {
document.body.innerHTML = "Access Denied";
}
Add the above to your JavaScript and then use a JavaSript obfuscator
if (window.top.location.host != "hostname") {
document.body.innerHTML = "Access Denied";
}