X-Frame-Options

Category: Security
Type: New or changed feature
Status: Enabled by default (Chrome 4)
Intent stage: None

Summary

The X-Frame-Options HTTP header field protects pages against clickjacking attacks by allowing sites to opt-out of being embedded in cross-origin (or any) contexts.

Standards & signals

Specification: https://tools.ietf.org/html/rfc7034
Firefox: Shipped/Shipping
Safari: Shipped/Shipping
Web developers: Positive

View on chromestatus.com