Overview

Clickjacking (also known as 'UI Redressing') involves an attacker using transparent or opaque layers (usually iframes) to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page.

Example

A user thinks they are clicking a 'Play' button on a video, but they are actually clicking a 'Delete Account' button on their bank's website which has been loaded in an invisible iframe on top of the video.

Prevention

  • X-Frame-Options: Restricting where your site can be framed.
  • Content Security Policy (CSP): Using the frame-ancestors directive.
  • Frame-busting scripts: Legacy JavaScript code that prevents a page from being framed.
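
The two header-based controls above can be checked mechanically. The following is an added example (not code from the original page): a defender-side function that decides whether a page's response headers let a given parent origin frame it, applying the browser rule that a CSP frame-ancestors directive takes precedence over X-Frame-Options; the header values and origins are constructed sample data.

```javascript
// Added example: decide whether `parentOrigin` may embed a page served from
// `selfOrigin`, given that page's response headers. Per the CSP specification,
// a frame-ancestors directive, when present, overrides X-Frame-Options.
// All origins and header values used here are constructed for illustration.

// Match a single frame-ancestors source expression against a parent origin.
function sourceMatches(src, parentOrigin, selfOrigin) {
  const s = src.toLowerCase();
  if (s === "'self'") return parentOrigin === selfOrigin;
  if (s === '*') return true;
  if (s.endsWith(':')) return parentOrigin.startsWith(s); // scheme-source, e.g. https:
  const p = new URL(parentOrigin);
  // host-source: optional scheme, optional leading wildcard label, optional port
  const m = s.match(/^(?:([a-z]+):\/\/)?(\*\.)?([^:/]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wild, host, port] = m;
  if (scheme && scheme !== p.protocol.replace(':', '')) return false;
  if (wild ? !p.hostname.endsWith('.' + host) : p.hostname !== host) return false;
  const parentPort = p.port || (p.protocol === 'https:' ? '443' : '80');
  if (port && port !== '*' && port !== parentPort) return false;
  return true;
}

// Returns true when framing is permitted. `headers` is a plain object whose
// keys are matched case-insensitively.
function framingAllowed(headers, parentOrigin, selfOrigin) {
  const get = (name) => {
    const e = Object.entries(headers).find(([k]) => k.toLowerCase() === name);
    return e ? e[1] : '';
  };
  const fa = get('content-security-policy')
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === 'frame-ancestors');
  if (fa) {
    const sources = fa.slice(1);
    // An empty source list or 'none' matches no ancestor at all.
    if (sources.length === 0 || sources.some((s) => s.toLowerCase() === "'none'")) return false;
    return sources.some((s) => sourceMatches(s, parentOrigin, selfOrigin));
  }
  const xfo = get('x-frame-options').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return parentOrigin === selfOrigin;
  // No recognised header (simplification: other values are not enforced here),
  // so the page is frameable from anywhere, i.e. exposed to clickjacking.
  return true;
}
```

Frame-busting scripts are deliberately not modelled: they run inside the framed page and can be neutralised by the embedding iframe's sandbox attribute, which is why the headers are the primary control.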

Related Terms