That's something being set on your server to all responses. It's a security feature that prevents your site from being loaded within a frame, which is what Facebook is doing.Refused to display 'jugsaopaulo.com.br/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
<IfModule mod_headers.c>
Header always append X-Frame-Options SAMEORIGIN
# The `X-Frame-Options` response header should be send only for
# HTML documents and not for the other resources.
<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
Header unset X-Frame-Options
</FilesMatch>
</IfModule>
Join our newsletter to get alerts for Joomla releases, tips and tricks and extension updates.