Setting the reponse header:
SAMEORIGIN will prevent your page to be displayed in another site and will prevent most clickjacking attacks
will prevent your page completely from being displayed in an iframe.</br>
<?php header('X-Frame-Options: DENY'); ?>
will prevent you page from being displayed in other sites (in our case to allow displaying your page in an iframe, “same site” means it must be the same domain with the same protocol).<br/>
<?php header('X-Frame-Options: SAMEORIGIN'); ?>
Both options are well supported in most of the common web browsers (chrome, firefox, safari, opera, IE8 and above)
There’s a third option ALLOW-FROM, but I won’t discuss it because it is badly supported in most of the browsers.