The X Frame Options Header
Header append X-FRAME-OPTIONS "SAMEORIGIN"
The X Frame Options Header helps to prevent an attack called "clickjacking". In a clickjacking attack, the attacker places your site in an invisible frame on top of malicious content in the hope that your site will entice the user to click, but in actuality, instead of clicking on your site, the user is clicking the malicious content.
By setting x-frame-options to "sameorigin", we prevent your site from being placed in a frame anywhere except on your own website. The potential downside is if you need to iframe your website somewhere other than the same domain. We recommend trying this setting for a two-week period to ensure there are no legitimate sites framing your site.
If you have not received any reports of legitimate framing of your site after two weeks, you might consider bumping up the security of x-frame-options even more, and changing it to x-frame-options "deny" to block all framing of your site (including framing on your own website).
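During the trial period it helps to confirm what the server actually sends. The following is an added example, not code from the original post: it audits a captured response header block and flags a missing, misspelled or conflicting X-Frame-Options value, such as the comma-merged value that "Header append" produces when the application already sets the header. The function names and sample responses are constructed for illustration.

```python
# Added example: audit the X-Frame-Options header in a raw HTTP response head.
VALID = {"deny", "sameorigin"}

def xfo_values(raw_headers):
    """Return the de-duplicated, lower-cased X-Frame-Options tokens, in order."""
    tokens = []
    for line in raw_headers.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "x-frame-options":
            continue
        # A header may be repeated or carry several comma-separated values.
        for tok in value.split(","):
            tok = tok.strip().lower()
            if tok and tok not in tokens:
                tokens.append(tok)
    return tokens

def audit_xfo(raw_headers):
    """Classify the response as missing, conflicting, invalid, deny or sameorigin."""
    tokens = xfo_values(raw_headers)
    if not tokens:
        return "missing"        # the .htaccess rule is not being applied
    if len(tokens) > 1:
        return "conflicting"    # two different policies reached the browser
    return tokens[0] if tokens[0] in VALID else "invalid"

# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "sameorigin": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "appended": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n\r\n",
    "repeated": ("HTTP/1.1 200 OK\r\nx-frame-options: sameorigin\r\n"
                 "X-Frame-Options: SAMEORIGIN\r\n\r\n"),
    "typo": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label:10s} -> {audit_xfo(response)}")
```
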
Come back next week for more information on securing your site using .htaccess