Glossary

Clickjacking, defined.

A UI redress attack in which the attacker loads the target site in an invisible iframe layered over their own page, so that the victim's clicks, apparently on the attacker's content, actually land on controls in the target site.


What is Clickjacking?

The defence is straightforward: send X-Frame-Options: DENY (the legacy header) or Content-Security-Policy: frame-ancestors 'none'. The CSP directive is the modern equivalent, takes precedence over X-Frame-Options in browsers that support it, and is what every authenticated page should ship with.
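As an added illustration (not part of this glossary entry), a small Python check that classifies a response's anti-framing posture from its headers, giving CSP frame-ancestors precedence over X-Frame-Options as browsers do; the header samples are constructed and it assumes one value per header name.

```python
import re

_SCHEME_SOURCE = re.compile(r"^[a-z][a-z0-9+.-]*:$")  # e.g. "https:" matches any https origin

def frame_ancestors_sources(csp: str):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_policy(headers: dict) -> str:
    """Classify as 'blocked', 'same-origin', 'restricted' (explicit allow-list) or 'framable'.
    frame-ancestors is evaluated first because supporting browsers let it override
    X-Frame-Options; Content-Security-Policy-Report-Only never enforces and is ignored."""
    h = {name.lower(): value for name, value in headers.items()}
    sources = frame_ancestors_sources(h.get("content-security-policy", ""))
    if sources is not None:
        if not sources or sources == ["'none'"]:
            return "blocked"
        if sources == ["'self'"]:
            return "same-origin"
        if any(s == "*" or _SCHEME_SOURCE.match(s) for s in sources):
            return "framable"  # wildcard or bare scheme source: any site may frame the page
        return "restricted"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "framable"  # absent, malformed, or the obsolete ALLOW-FROM, which modern browsers ignore

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "csp-wins":      {"Content-Security-Policy": "frame-ancestors 'none'", "X-Frame-Options": "SAMEORIGIN"},
    "xfo-deny":      {"X-Frame-Options": "deny"},
    "csp-no-fa":     {"Content-Security-Policy": "default-src 'self'"},
    "csp-partner":   {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "csp-scheme":    {"Content-Security-Policy": "frame-ancestors https:"},
    "xfo-allowfrom": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "report-only":   {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:14} {framing_policy(hdrs)}")
```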

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.
