I created a React app and deployed it to SAP Cloud Foundry using static build pack. I see that I can embed my web application route in any iframe on any domain. Any setting I need to do in the Cloud Foundry Application Space or in the manifest.yml. I need to basically limit iframe embedding and just whitelist few domains which can embed my app in an iframe.
I followed this link to create and deploy the basic app
https://blogs.sap.com/2020/07/23/deploy-your-reactjs-application-in-cloud-foundry/
I tried setting a few of the properties from below link in User-Defined Variables but that didn't help as well.
The user-defined variables you mentioned work only, if you access your application via an application router (look here for information on how to set up the application router: Setting Up Your Own Application Router).
It appears to be default behavior of the application router to prevent embedding of pages in iframes: Disable X-FRAME-OPTIONS in SCP Portal Cloud Foundry