I'm hesitant to make a built-in sitelock feature in C2 since it provides a single point of breakage. Once someone figures out how to circumvent the sitelock, they can circumvent it for all C2 games. However if you invent your own solution it's more work since there is no one way to globally unlock all C2 games.
Aside from making events check their own domain, HTTP has features to prevent unwanted frames. X-Frame-Options looks like it can do it, but the newer standardised version is Content Security Policy, specifically the frame-ancestors directive. Configuring your server to send a HTTP header like:
Content-Security-Policy: frame-ancestors self https://awesomearcade.com
should only allow the page to be framed by either its own origin, or https://awesomearcade.com.