Below is a small snippet showing how you can defend against click-jacking and UI redress attacks using the X-Frame-Options response header in browsers that support it. It also includes CSS and JavaScript that keep the page from being shown unless it is the top page. If you’re not familiar with click-jacking, the attacker basically embeds an invisible layer on top of the visible layer of a webpage. This invisible layer captures the user’s clicks and entered information and can do malicious things with them. They could have you enter information into an input box that sits one layer above the actual input box, or make you follow someone on Twitter, like a Facebook page, click a Google ad, etc…

<?PHP
//The response header will have the x-frame-options header that tells browsers that support it to not allow this page to be iframed.
header('X-Frame-Options: DENY');
?>
<!-- Set the body's CSS to not show, and have the JavaScript remove this style if we are the top page. -->
<style id="antiClickjack">
body{display:none !important;}
</style>
<script type="text/javascript">
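    if (self === top) {
        // We are the top-level page: remove the style that hides the body.
        var antiClickjack = document.getElementById("antiClickjack");
        antiClickjack.parentNode.removeChild(antiClickjack);
    } else {
        // We are inside a frame: try to replace the framing page with this one.
        top.location = self.location;
    }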
</script>
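To confirm that a deployed page really sends a usable anti-framing header, the check below audits a response's headers. It is an added example, not part of the original snippet, and it goes slightly beyond the post by also recognising the Content-Security-Policy `frame-ancestors` directive, the current standard equivalent of X-Frame-Options. The function name `auditFraming` and the sample headers are constructed for illustration.

```javascript
// Added example (not the post's code): audit response headers for anti-framing protection.
// headerPairs is an array of [name, value] pairs so duplicate headers are preserved.
const XFO_VALID = new Set(['DENY', 'SAMEORIGIN']);
const WIDE_SOURCES = new Set(['*', 'http:', 'https:']);

function auditFraming(headerPairs) {
  const xfo = [];
  const policies = [];
  for (const [name, value] of headerPairs) {
    const n = name.toLowerCase();
    const parts = value.split(',').map((v) => v.trim()).filter(Boolean);
    if (n === 'x-frame-options') xfo.push(...parts.map((v) => v.toUpperCase()));
    if (n === 'content-security-policy') policies.push(...parts);
  }
  const findings = [];
  const distinct = [...new Set(xfo)];
  let xfoOk = false;
  if (distinct.length === 0) findings.push('X-Frame-Options missing');
  else if (distinct.length > 1) findings.push('conflicting X-Frame-Options values: ' + distinct.join(', '));
  else if (distinct[0].startsWith('ALLOW-FROM')) findings.push('ALLOW-FROM is obsolete and ignored by current browsers');
  else if (!XFO_VALID.has(distinct[0])) findings.push('invalid X-Frame-Options value: ' + distinct[0]);
  else xfoOk = true;

  // Every CSP policy is enforced, so one restrictive frame-ancestors is enough.
  let cspOk = false;
  for (const policy of policies) {
    const directive = policy.split(';').map((d) => d.trim().split(/\s+/))
      .find((d) => d[0].toLowerCase() === 'frame-ancestors'); // first occurrence wins
    if (!directive) continue;
    const sources = directive.slice(1).map((s) => s.toLowerCase());
    if (sources.some((s) => WIDE_SOURCES.has(s))) findings.push('frame-ancestors allows any origin: ' + sources.join(' '));
    else cspOk = true;
  }
  return { protected: xfoOk || cspOk, xfoOk, cspOk, findings };
}

// Constructed sample responses: the post's header, a misspelled value, and a CSP-only page.
const samples = [
  [['X-Frame-Options', 'DENY']],
  [['X-Frame-Options', 'DENNY']],
  [['Content-Security-Policy', "default-src 'self'; frame-ancestors 'none'"]],
];
for (const s of samples) console.log(JSON.stringify(s), '=>', JSON.stringify(auditFraming(s)));
```

A response that fails this audit relies entirely on the CSS and JavaScript fallback above, which only works when scripts run in the framed page.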