Clickjacking
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://statuscodefyi.com/iframe/glossary/clickjacking/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/clickjacking/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/clickjacking/)Use the native HTML custom element.
An attack that tricks users into clicking hidden elements by overlaying a transparent iframe over a legitimate page, causing unintended actions such as authorizing transactions or changing settings. Clickjacking is prevented by sending the X-Frame-Options response header with DENY or SAMEORIGIN, or by using the CSP frame-ancestors directive to restrict which origins may embed the page. Modern browsers enforce these headers before rendering any framed content.