I have a similar problem. I am trying to embed our ArcGIS Server REST services directory in an iframe and I am getting the same error Miguel saw. Here is the page where I am trying to use the iframe:
It is a slide deck built with deck.js - use the arrow keys to advance the slides. Some of my iframes work but several iframes that reference our REST services directory do not work. This is confusing because our REST services directory is public - no login required:
Is this iframe restriction controlled by the ArcGIS Server config or is this a web server config issue?
Esri employs frame-busting technology on forms where logins can be passed to prevent a security vulnerability called 'Phishing by frames'. There's not a user controlled method to update this configuration.