Just recently I did just that and came across an error I expected to see, but a little curious as to how it presented itself.
Refused to display '//myserver.com.au/ords/f?p=SAGE:1023:30559832045078' in a frame because it set 'X-Frame-Options' to 'DENY'.
Googling the last half of the message returns some interesting discussions on how this works from a web technology perspective
The idea is that it can protect from clickjacking behaviours. APEX manipulates browser settings through an application security attribute "Embed in Frames". Allowing from same origin is deferring trust to the hosting server.
You might need to adjust this for scenarios such as
- modal dialog plugins
- embedding an apex page as a region within another page
- attempting multiple IR per page prior to APEX 5
- APEX page embedded within a Portal
Dan McGhan explains the properties in more depth:
Current APEX 5 documentation:
though I'm pretty sure the setting was introduced in 4.1.