How to embed an external webpage without using ifr

Posted 2019-09-06 01:38

Question:

I am trying to embed the Amazon website in a webpage. Something like what is done here: http://en-jo.amazon.shop.cashbasha.com/

I tried to use iframe, but Amazon prevents it from being displayed as a security measure:

<iframe src="http://www.amazon.com/" width="100%" height="100%">
  <p>Your browser does not support iframes.</p>
</iframe>

I get the error:

Refused to display 'http://www.amazon.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

So how did the website above achieve that if Amazon doesn't allow it?

Answer 1:

It appears like the website you are referencing achieved this by entering the pure JavaScript code and HTML into their webpage. Be careful with this site, as it could be a phishing scam.



Answer 2:

I don't think you're going to get much traction with this approach. Browsers are getting very particular about iframes and mixed security levels. Attempting to find hacks to circumvent this on your client is bound to fail in the long run and puts your users at risk.

Ref: How Can I Bypass the X-Frame-Options: SAMEORIGIN HTTP Header?

Incidentally, I wouldn't (and didn't) click a link formatted like the one you posted. If I see Amazon in the URL, I expect it to be the base domain. Otherwise, I assume it was designed to fool a user, so even if a technical solution is found, I don't think you should want to deploy this in practice.
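
The check behind the error in the question, as an added example that is not part of the original posts: a simplified JavaScript model of how a browser decides whether a response may be rendered in a frame. The function name, the shop.example origin and the header values are constructed for illustration, and only exact-origin, 'self' and 'none' sources are modelled.

```javascript
// Added example: simplified model of a browser's framing check (not browser source).
// frameUrl: URL loaded in the <iframe>; ancestorOrigins: origins of every
// embedding document (parent, grandparent, ...); headers: the framed response's headers.
function framingDecision(frameUrl, ancestorOrigins, headers) {
  const frameOrigin = new URL(frameUrl).origin;
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  const directive = csp.split(';').map(d => d.trim().split(/\s+/))
    .find(parts => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1);
    // Every ancestor must match at least one source; 'none' matches nothing.
    const ok = ancestorOrigins.every(a => sources.some(s =>
      s === "'self'" ? a === frameOrigin : s !== "'none'" && s === a));
    return { allowed: ok, reason: 'CSP frame-ancestors ' + sources.join(' ') };
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options DENY' };
  if (xfo === 'SAMEORIGIN') {
    // Allowed only when all embedding documents share the framed page's origin.
    const ok = ancestorOrigins.every(a => a === frameOrigin);
    return { allowed: ok, reason: 'X-Frame-Options SAMEORIGIN' };
  }
  return { allowed: true, reason: 'no framing policy' };
}

// Constructed case matching the question: a third-party page framing amazon.com.
const blocked = framingDecision('http://www.amazon.com/',
  ['http://shop.example'], { 'X-Frame-Options': 'SAMEORIGIN' });
console.log(blocked);
```

A site owner who does want a specific partner to frame a page would express that with a frame-ancestors source list on their own responses; the embedding page cannot change the outcome.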



Answer 3:

You can use the X-Frame-Bypass Custom Element, which allows you to bypass X-Frame-Options: deny/sameorigin.