The x-frame-options header protects websites from clickjacking by not allowing iframes to be filled in on your website. It is supported by IE 8+, Chrome 4.1+, Firefox 3.6.9+, Opera 10.5+ and Safari 4+.

In this method, an attacker tricked the user into clicking something that wasn’t there. The user thinks they are on the main page, but something else is going on in the background. This allows hackers to steal information from your web browser.