{"id":410,"date":"2014-04-08T17:35:49","date_gmt":"2014-04-08T17:35:49","guid":{"rendered":"http:\/\/www.encoders.co.in\/blog\/?p=410"},"modified":"2014-04-08T17:35:49","modified_gmt":"2014-04-08T17:35:49","slug":"how-to-defend-clickjacking","status":"publish","type":"post","link":"https:\/\/www.encoders.co.in\/blog\/malware-and-hacking\/how-to-defend-clickjacking","title":{"rendered":"How to defend against ClickJacking?"},"content":{"rendered":"<p><strong><span style=\"line-height: 1.5em;\">What is ClickJacking?<\/span><\/strong><\/p>\n<p>Clickjacking is a malicious process of tricking an Internet user into clicking on something different from what the user intends to click. The user may thereby reveal confidential information or hand over control of their computer while clicking on seemingly innocuous web pages.<\/p>\n<p><strong><a href=\"http:\/\/www.encoders.co.in\/blog\/wp-content\/uploads\/2014\/04\/3_twitter_clickjacking.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"size-medium wp-image-412 alignright\" alt=\"clickjacking\" src=\"http:\/\/www.encoders.co.in\/blog\/wp-content\/uploads\/2014\/04\/3_twitter_clickjacking-300x248.png\" width=\"300\" height=\"248\" srcset=\"https:\/\/www.encoders.co.in\/blog\/wp-content\/uploads\/2014\/04\/3_twitter_clickjacking-300x248.png 300w, https:\/\/www.encoders.co.in\/blog\/wp-content\/uploads\/2014\/04\/3_twitter_clickjacking.png 610w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a>Who coined the term?<\/strong><\/p>\n<p>The term &#8220;clickjacking&#8221; was coined by Jeremiah Grossman and Robert Hansen in 2008.<\/p>\n<p><strong>Defending with X-Frame-Options Response Headers<\/strong><\/p>\n<p>The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt; or &lt;iframe&gt;.
Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.<\/p>\n<p><strong><em>There are three settings for X-Frame-Options:<\/em><\/strong><\/p>\n<p><strong>SAMEORIGIN:<\/strong> This setting allows the page to be displayed in a frame only on the same origin as the page itself.<\/p>\n<p><strong>DENY:<\/strong> This setting prevents the page from being displayed in a frame or iframe at all.<\/p>\n<p><strong>ALLOW-FROM uri:<\/strong> This setting allows the page to be displayed in a frame only on the specified origin. Note that current browsers no longer support ALLOW-FROM; the Content-Security-Policy frame-ancestors directive replaces it.<\/p>\n<p><strong>How to implement on shared web hosting?<\/strong><\/p>\n<p><span style=\"line-height: 1.5em;\">If your website is hosted on shared web hosting, you won\u2019t have permission to modify httpd.conf. However, you can implement this by adding the following line to the .htaccess file (Apache\u2019s mod_headers module must be enabled).<\/span><\/p>\n<p><em><strong>Header append X-FRAME-OPTIONS &quot;SAMEORIGIN&quot;<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is ClickJacking?
Clickjacking is a malicious process of tricking an Internet user into clicking on something different from what [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[11],"tags":[],"class_list":["post-410","post","type-post","status-publish","format-standard","hentry","category-malware-and-hacking"],"_links":{"self":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts\/410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/comments?post=410"}],"version-history":[{"count":2,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts\/410\/revisions"}],"predecessor-version":[{"id":413,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts\/410\/revisions\/413"}],"wp:attachment":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/media?parent=410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/categories?post=410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/tags?post=410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}