---
title: Clickjacking
slug: Glossary/Clickjacking
page-type: glossary-definition
---
{{GlossarySidebar}}

**Clickjacking** is an interface-based attack that tricks website users into unwittingly clicking on malicious links. In clickjacking, the attackers embed their malicious links into buttons or legitimate pages in a website. In an infected {{glossary("Site")}}, whenever a user clicks on a legitimate link, the attacker gets the confidential information of that user, which ultimately compromises the user's privacy on the Internet.

Clickjacking can be prevented by implementing a [Content Security Policy (frame-ancestors)](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) and implementing [Set-Cookie attributes](/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes).
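
Both defences can be checked from a response's headers. The following is an added example, not code from this page or from MDN: `auditClickjackingHeaders`, `parseCsp` and the sample header sets are hypothetical, and it assumes `SameSite` is the `Set-Cookie` attribute in question.

```javascript
// Added example; function names and sample data are hypothetical.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function auditClickjackingHeaders(headers) {
  const findings = [];
  // Header names are case-insensitive; a value may be a string or an array.
  const get = (wanted) =>
    Object.entries(headers)
      .filter(([k]) => k.toLowerCase() === wanted)
      .flatMap(([, v]) => (Array.isArray(v) ? v : [v]));
  // frame-ancestors has no default-src fallback, so it must be explicit.
  // Comma-separated policies are each enforced, so one strict policy suffices.
  const ancestors = get("content-security-policy")
    .flatMap((v) => v.split(","))
    .map((p) => parseCsp(p).get("frame-ancestors"))
    .filter((s) => s !== undefined);
  const open = (s) => s.some((src) => src === "*" || /^https?:$/i.test(src));
  if (ancestors.length === 0) findings.push("csp: no frame-ancestors directive");
  else if (ancestors.every(open)) findings.push("csp: frame-ancestors allows any origin");

  for (const cookie of get("set-cookie")) {
    const [pair, ...attrs] = cookie.split(";").map((s) => s.trim());
    const attr = attrs.map((a) => a.split("=")).find(([k]) => k.toLowerCase() === "samesite");
    const mode = attr ? (attr[1] || "").trim().toLowerCase() : "unset";
    // Only Strict and Lax keep the cookie out of cross-site framed requests.
    if (mode !== "strict" && mode !== "lax") {
      findings.push(`cookie ${pair.split("=")[0]}: SameSite=${mode}`);
    }
  }
  return findings;
}

// Constructed sample responses (not captured from a real site).
const weak = { "Content-Security-Policy": "default-src 'self'",
  "Set-Cookie": ["session=abc123; Path=/; HttpOnly; Secure"] };
const hardened = { "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
  "set-cookie": ["session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"] };
console.log(auditClickjackingHeaders(weak));
console.log(auditClickjackingHeaders(hardened));
```

An empty result means both defences are present; each string in a non-empty result names the header that needs attention.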
## See also
- [Web security: clickjacking protection](/en-US/docs/Web/Security/Practical_implementation_guides/Clickjacking)
- [Clickjacking](https://en.wikipedia.org/wiki/Clickjacking) on Wikipedia
- [Clickjacking](https://owasp.org/www-community/attacks/Clickjacking) on OWASP