X-Frame-Options header restricts web page's ability to open in a Frame. Opening in a frame can result a Clickjacking attack which the authentic page is open in a frame a place layer exactly on top of a login section which can capture usernames and passwords.
According to the 'X-Frame-Options response header' reference in Mozilla Developer site, There are three possible values for X-Frame-Options:
