Currently, I am assessing the Vulnerability of one of the websites and one of the points I am looking at is how can I prevent my website from potential clickjacking attacks?

I am no expert in this domain, but I have a few observations so far,

  1. Missing X-Frame-Options header means that this website could be at risk of a clickjacking attack.
  2. The X-Frame-Options HTTP header field indicates a policy that specifies whether the browser should render the transmitted resource within a frame or an iframe.
  3. Servers can declare this policy in the header of their HTTP responses to prevent clickjacking attacks.

As I said, I am no expert in this field so looking forward to hear some ideas of how can I use X-Frame-Options header from preventing clickjacking attacks?

1 Answer

you can rely on security header X-Frame-Options to indicate to the browser not to render any iframe.

this can used by sending a response header X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN if you want to use iframes but only for pages that are in the same origin as your page.

5

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy