
X-Frame-Options

Understand clickjacking and how attackers exploit hidden iframes to hijack clicks on your website. Explore the use of the X-Frame-Options HTTP header to restrict iframe embedding and protect your web application from unauthorized framing attacks. Learn about its policies like DENY, SAMEORIGIN, and ALLOW-FROM to enhance your site's security.


What is clickjacking?

Imagine seeing a web page like this on your screen:

As soon as you click on the link, you realize that all the money in your bank account is gone. What happened?

You were a victim of a clickjacking attack! An attacker directed you to their website, which displays an attractive link to click. Unfortunately, they also embedded an iframe from your-bank.com/transfer?amount=10000000&to=attacker@example.com in the page and hid it by setting its opacity to 0%. So instead of clicking on the visible page and winning a brand-new Hummer, your click landed on the invisible iframe: a dangerous click that confirmed the transfer of money. Most banking systems require ...
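The defence this page introduces is the X-Frame-Options response header: if your-bank.com had sent it, the browser would have refused to render the transfer page inside the attacker's iframe. The following is an added example (not code from the original page) showing both sides of that defence in Python: a minimal HTTP handler that sets the header on every response, and an audit function that classifies a set of response headers by the framing posture they declare. The handler, the hypothetical `framing_verdict` helper, and the constructed sample header sets are all assumptions made here for illustration.

```python
"""Added example: emit and audit the X-Frame-Options header.

Two pieces:
  * ProtectedHandler  - an http.server handler that attaches
                        X-Frame-Options to every response it sends.
  * framing_verdict   - classifies a response's headers so an audit
                        script can flag pages that may be framed.
"""
from __future__ import annotations

from http.server import BaseHTTPRequestHandler, HTTPServer


def xfo_header(policy: str = "DENY") -> tuple[str, str]:
    """Return the (name, value) pair for X-Frame-Options.

    DENY: never render in a frame. SAMEORIGIN: only frames whose top-level
    origin matches. ALLOW-FROM is a legacy value that current browsers do
    not honour, so this helper only accepts the two interoperable ones.
    """
    policy = policy.upper()
    if policy not in ("DENY", "SAMEORIGIN"):
        raise ValueError(f"unsupported X-Frame-Options policy: {policy!r}")
    return ("X-Frame-Options", policy)


def framing_verdict(headers: dict[str, str]) -> str:
    """Classify the anti-framing posture declared by a response's headers.

    Returns one of:
      'blocked'           - DENY
      'same-origin-only'  - SAMEORIGIN
      'legacy-allow-from' - ALLOW-FROM <uri> (ignored by modern browsers,
                            so treat the page as frameable)
      'missing'           - no X-Frame-Options header at all
      'invalid'           - present but not a single recognised policy
                            (e.g. "DENY, SAMEORIGIN" or a typo), which an
                            audit should treat as unprotected
    Header names are matched case-insensitively, as HTTP requires.
    """
    value = None
    for name, raw in headers.items():
        if name.lower() == "x-frame-options":
            value = raw.strip()
            break
    if value is None:
        return "missing"
    upper = value.upper()
    if upper == "DENY":
        return "blocked"
    if upper == "SAMEORIGIN":
        return "same-origin-only"
    if upper.startswith("ALLOW-FROM ") and len(upper.split()) == 2:
        return "legacy-allow-from"
    return "invalid"


class ProtectedHandler(BaseHTTPRequestHandler):
    """Serves a placeholder page with X-Frame-Options: DENY on every response."""

    def do_GET(self) -> None:
        body = b"<html><body><h1>Transfer form (placeholder)</h1></body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header(*xfo_header("DENY"))  # the defence under discussion
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


# Constructed sample header sets, as an audit script might collect them
# from several endpoints. These are made up for the example.
SAMPLE_RESPONSES: dict[str, dict[str, str]] = {
    "/transfer":  {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "/widget":    {"Content-Type": "text/html", "x-frame-options": "sameorigin"},
    "/partner":   {"Content-Type": "text/html", "X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/legacy":    {"Content-Type": "text/html"},
    "/misconfig": {"Content-Type": "text/html", "X-Frame-Options": "DENY, SAMEORIGIN"},
}


def audit(responses: dict[str, dict[str, str]] = SAMPLE_RESPONSES) -> dict[str, str]:
    """Map each path to its framing verdict; anything but 'blocked' or
    'same-origin-only' is a candidate for a clickjacking review."""
    return {path: framing_verdict(h) for path, h in responses.items()}


if __name__ == "__main__":
    for path, verdict in audit().items():
        print(f"{path:12s} {verdict}")
    # Serve the protected placeholder page locally for manual inspection.
    HTTPServer(("127.0.0.1", 8000), ProtectedHandler).serve_forever()
```

Running the module prints the audit of the constructed samples and then starts the local server; fetching `http://127.0.0.1:8000/` with any client shows the `X-Frame-Options: DENY` header on the response. In a real deployment you would set the header at the web server or framework layer so that no page is missed, and pair it with a `Content-Security-Policy: frame-ancestors` directive, which supersedes `ALLOW-FROM` for allow-listing specific origins.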