</>
ProtocolCodes
English العربية Deutsch Español Français हिन्दी Bahasa Indonesia 日本語 한국어 Português Русский ไทย Türkçe Tiếng Việt 简体中文
Security

Clickjacking

An attack that tricks users into clicking hidden elements by overlaying a transparent iframe over a legitimate page, causing unintended actions such as authorizing transactions or changing settings. Clickjacking is prevented by sending the X-Frame-Options response header with DENY or SAMEORIGIN, or by using the CSP frame-ancestors directive to restrict which origins may embed the page. Modern browsers enforce these headers before rendering any framed content.

Связанные протоколы

HTTP

Упоминается в руководствах

Essential HTTP Headers Every Developer Should Know HTTP Fundamentals
Essential HTTP Security Headers Security & Authentication
Content Security Policy (CSP): A Complete Implementation Guide Security & Authentication

Смотрите также

XSS (Cross-Site Scripting) Security
CSP (Content Security Policy) Security
← Вернуться к глоссарию