What is clickjacking?
Answer
Clickjacking (UI redress attack) tricks users into clicking on something different from what they perceive: the attacker loads a legitimate page in a transparent iframe and positions it over their own decoy content, so a click on the decoy lands on the hidden page. Example: an attacker creates a page with a button labeled "Win a Prize!" and overlays a transparent iframe of a banking site's "Transfer Funds" button at the exact same position; when the user clicks what they think is the prize button, they actually click the bank's transfer button. Prevention: (1) X-Frame-Options header: DENY (never framed) or SAMEORIGIN (only same-origin frames). (2) CSP frame-ancestors directive: the more flexible, modern replacement, e.g. Content-Security-Policy: frame-ancestors 'none'. (3) Frame-busting JavaScript: legacy approach, easily bypassed. (4) SameSite cookies: mitigate authenticated clickjacking by not sending session cookies with cross-site framed requests. Always set X-Frame-Options or CSP frame-ancestors on all pages.