At its simplest, X-Frame-Options is an HTTP response header that tells the browser whether to display the page as a <frame> or an <iframe>. may render. or . So this is important. In a clickjacking attack, a malicious attacker tricks a user into clicking something other than what the user thinks they are clicking, divulging sensitive information or visiting a different website from her. It may take control of your computer during the interaction. X-Frame-Options help prevent these attacks by controlling how and where content is framed.