Clickjacking Attacks: What Are They and How to Prevent Them

Too Long; Didn't Read

Clickjacking refers to any attack where is user is tricked into clicking any unexpected web element unintentionally. This technique is mostly used for websites or web pages by overlaying malicious content over a trusted webpage or by placing a transparent element or an entire page over a visible one. OWASP recommends that we hide the entire body of the document and show it only once we verify that the page is not framed. The best solution is to use the X-Frame-Options(XFO) HTTP response header in server responses.