X-Frame-Options

X-Frame-Options is an HTTP response header used to control whether a web page can be displayed within a frame, iframe, or object tag on another site. By specifying this header, website owners can protect their content from clickjacking attacks, where malicious sites attempt to trick users into interacting with hidden elements. The header supports values like DENY (prevents all framing), SAMEORIGIN (allows framing only from the same origin), and, in some browsers, ALLOW-FROM (permits framing from a specific URL). Although modern web security practices recommend using the more flexible Content Security Policy (CSP) frame-ancestors directive, X-Frame-Options remains widely used for basic frame protection.
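A defender can check which of these protections a response actually carries. The following is an added example, not code from the original page: the function name `framing_policy`, the verdict labels, and the sample responses are constructed for illustration. It reads CSP `frame-ancestors` first because the CSP specification has it take precedence over X-Frame-Options when both are sent.

```python
def framing_policy(headers):
    """Return (verdict, source) describing framing protection in response headers."""
    h = {name.lower(): value.strip() for name, value in headers.items()}

    # CSP frame-ancestors, when present, is evaluated first: the CSP spec says
    # it obsoletes X-Frame-Options and should be enforced if both are sent.
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.lower() for t in tokens[1:]]
            if not sources or sources == ["'none'"]:
                return ("deny", "csp")
            if sources == ["'self'"]:
                return ("sameorigin", "csp")
            if "*" in sources:
                return ("unprotected", "csp")  # wildcard allows any framer
            return ("allowlist", "csp")

    xfo = h.get("x-frame-options")
    if xfo is None:
        return ("unprotected", "none")
    value = xfo.upper()
    if value == "DENY":
        return ("deny", "xfo")
    if value == "SAMEORIGIN":
        return ("sameorigin", "xfo")
    if value.startswith("ALLOW-FROM"):
        # Honoured only in some browsers, so it cannot be relied on alone.
        return ("unreliable", "xfo")
    return ("invalid", "xfo")  # unrecognised value gives no protection


# Constructed sample responses (not captured from any real site).
SAMPLES = [
    {"X-Frame-Options": "DENY"},
    {"x-frame-options": "ALLOW-FROM https://partner.example"},
    {"X-Frame-Options": "DENY",
     "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://partner.example"},
    {"Content-Security-Policy": "default-src 'self'"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(framing_policy(sample), sample)
```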
