- Incident report
- Resolution: Unresolved
- Trivial
- None
- 2.0.12
An intruder may use a clickjacked page to trick a user into performing undesired actions by clicking on a concealed link or executing a script without the user's knowledge.
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by the web site. If you expect the page to be framed only by pages on the web server, use SAMEORIGIN; otherwise, if you never expect the page to be framed, use DENY. ALLOW-FROM allows specific websites to frame the web page in supported web browsers.
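A small audit of the header values recommended above (DENY, SAMEORIGIN, ALLOW-FROM), written as an added example for this report rather than code from the project; the sample HTTP responses are constructed, and the page names are placeholders.

```python
import re

# Constructed sample responses (not taken from the original report).
SAMPLE_RESPONSES = {
    "login": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "about": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "widget": "HTTP/1.1 200 OK\r\nx-frame-options: ALLOW-FROM https://partner.example\r\n\r\n",
    "bad": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n\r\n",
}


def header_values(raw_response, name):
    """Return every value of `name` in the response head (header names are case-insensitive)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            k, v = line.split(":", 1)
            if k.strip().lower() == name.lower():
                values.append(v.strip())
    return values


def check_x_frame_options(raw_response):
    """Classify a response as PASS, WARN or FAIL with a short reason."""
    values = header_values(raw_response, "X-Frame-Options")
    if not values:
        return ("FAIL", "header missing; any site may frame this page")
    if len(values) > 1:
        # Conflicting duplicates are handled differently across browsers; send exactly one.
        return ("FAIL", "multiple X-Frame-Options headers; send exactly one")
    value = values[0]
    if value.upper() in ("DENY", "SAMEORIGIN"):
        return ("PASS", value.upper())
    m = re.fullmatch(r"ALLOW-FROM\s+(\S+)", value, flags=re.IGNORECASE)
    if m:
        # Only some browsers honour ALLOW-FROM; the others ignore the header, leaving the page frameable.
        return ("WARN", "ALLOW-FROM " + m.group(1) + " is not honoured by every browser")
    return ("FAIL", "unrecognised value %r; browsers ignore it" % value)


def audit(responses):
    """Map each page name to its PASS/WARN/FAIL verdict."""
    return {page: check_x_frame_options(raw)[0] for page, raw in responses.items()}
```

Pages that come back FAIL or WARN are the ones the report asks to fix: DENY where framing is never expected, SAMEORIGIN where only the site's own pages frame it.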