Clickjacking PoC

Clickjacking Mitigation & Remediation

Prevention Measures:

  1. X-Frame-Options Header:
    Set the HTTP response header X-Frame-Options: DENY (no framing at all) or X-Frame-Options: SAMEORIGIN (framing only by pages from the same origin)
    MDN Reference
  2. Content Security Policy (CSP):
    Use: Content-Security-Policy: frame-ancestors 'none'
    MDN Reference
  3. Frame-Busting Script:
    Add to your page's HTML:
    <script>if(top !== self) top.location.href = self.location.href;</script>

Remediation Steps:

  1. Implement server-side headers (X-Frame-Options or CSP)
  2. Test using this PoC tool after implementation
  3. Use a combination of client-side and server-side protections
  4. Regularly audit sensitive pages
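The remediation steps above end with testing the page after the headers are deployed. The following is an added example (not part of this PoC tool) that performs that check on a response's headers the way a browser evaluates them: an enforcing Content-Security-Policy with frame-ancestors takes precedence and causes X-Frame-Options to be ignored, a Report-Only policy is never enforced, and the obsolete ALLOW-FROM value is ignored by current browsers. The frame-busting script from the prevention list is deliberately not counted as protection, because a framing page can neutralise it (for example by sandboxing the iframe), so it is only a defence-in-depth layer. The header sets in SAMPLE_RESPONSES are constructed for illustration and were not captured from any real site.

```python
"""Check a response's headers for the clickjacking defences listed above.

Added example; it is not part of the PoC tool. It evaluates the two
server-side controls (X-Frame-Options and CSP frame-ancestors) in the
order browsers apply them, and flags common misconfigurations. The
header sets in SAMPLE_RESPONSES are constructed for illustration.
"""


def parse_frame_ancestors(csp_value):
    """Return the source list of the first frame-ancestors directive in a
    CSP header value, lower-cased, or None if the directive is absent."""
    for directive in csp_value.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def _verdict(protected, mechanism, policy, notes):
    return {"protected": protected, "mechanism": mechanism,
            "policy": policy, "notes": notes}


def assess_framing(headers):
    """Classify whether the page described by `headers` can be framed.

    `headers` maps header name to value; names are matched case-insensitively.
    Returns a dict: protected (bool), mechanism ('csp', 'x-frame-options' or
    None), policy (the effective value) and notes (findings worth reporting).
    """
    h = {name.strip().lower(): value.strip() for name, value in headers.items()}
    notes = []

    # An enforcing CSP with frame-ancestors takes precedence: browsers ignore
    # X-Frame-Options when that directive is present.
    csp = h.get("content-security-policy")
    ancestors = parse_frame_ancestors(csp) if csp is not None else None
    if ancestors is not None:
        policy = "frame-ancestors " + " ".join(ancestors)
        if ancestors in ([], ["'none'"]):  # an empty source list matches nothing, like 'none'
            return _verdict(True, "csp", policy, notes)
        if {"*", "http:", "https:"} & set(ancestors):
            notes.append("frame-ancestors allows any origin to frame the page")
            return _verdict(False, "csp", policy, notes)
        notes.append("framing restricted to the listed origins")
        return _verdict(True, "csp", policy, notes)
    if csp is not None:
        notes.append("CSP present but has no frame-ancestors directive")

    # A Report-Only policy is logged, never enforced: a common mistake.
    report_only = h.get("content-security-policy-report-only")
    if report_only is not None and parse_frame_ancestors(report_only) is not None:
        notes.append("frame-ancestors only in Report-Only header; not enforced")

    xfo = h.get("x-frame-options")
    if xfo is not None:
        values = {v.strip().upper() for v in xfo.split(",") if v.strip()}
        if values in ({"DENY"}, {"SAMEORIGIN"}):
            return _verdict(True, "x-frame-options", values.pop(), notes)
        if any(v.startswith("ALLOW-FROM") for v in values):
            notes.append("ALLOW-FROM is obsolete and ignored by current browsers")
        else:
            notes.append("invalid or conflicting X-Frame-Options value; treated as unprotected")
        return _verdict(False, "x-frame-options", xfo, notes)

    notes.append("no X-Frame-Options and no CSP frame-ancestors: page can be framed")
    return _verdict(False, None, None, notes)


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_self_and_partner": {"content-security-policy": "frame-ancestors 'self' https://partner.example"},
    "csp_wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "xfo_sameorigin": {"X-Frame-Options": "sameorigin"},
    "xfo_allow_from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "report_only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "csp_no_ancestors_xfo_deny": {"Content-Security-Policy": "default-src 'self'",
                                  "X-Frame-Options": "DENY"},
    "no_headers": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        v = assess_framing(hdrs)
        print(f"{name:28} protected={v['protected']!s:5} via={v['mechanism']} notes={v['notes']}")
```

To use it against a live deployment, feed `assess_framing` the headers of the sensitive page's actual response (for example `dict(requests.get(url).headers)`), and treat anything other than `protected: True` on the login, payment and settings pages as an open finding; a `True` verdict via SAMEORIGIN still means same-origin pages can frame the target, which matters if the origin also hosts untrusted content.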