One of the security headers, called X-Frame-Options is designed to prevent click-jacking attacks.
For websites, this is done by overlaying a transparent website over a visible one.
Framing uses the HTML element iframe which can load an entire separate webpage within another page.
X-Frame-Options prevents webpages from being loaded in iframes, which prevents it from being overlaid over another website.
The header allows the website owner to configure how restrictive the setting is.
There are two controls: X-Frame-Options: DENY prevents a protected webpage from ever being framed.
