ShieldReport

Clickjacking

medium
CWE-1021, Browser Security

What is Clickjacking?

Clickjacking tricks users into clicking on hidden elements by overlaying a transparent iframe of the target application on top of a malicious page.

How it works

An attacker creates a page with an invisible iframe containing the target application, positioned so that the victim's clicks on the malicious page actually land on the hidden application's buttons or links.

Impact

The victim unknowingly performs unauthorised actions, including changing account settings, making purchases, liking social media content, or enabling webcam access.

How ShieldReport detects this

ShieldReport checks for the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive, which prevent the page from being embedded in an iframe.

How to fix it

Set X-Frame-Options: DENY or SAMEORIGIN. Use Content-Security-Policy: frame-ancestors 'self'. Both headers should be present for broad browser compatibility.
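
A header check along the lines described above, as an added example (not ShieldReport's own code; the function names, return shape and sample headers are constructed). It goes slightly beyond the text by also flagging the obsolete ALLOW-FROM value, a wildcard frame-ancestors list, and a frame-ancestors directive that appears only in the Report-Only header.

```python
# Added example: names, return shape and sample headers are constructed.

def frame_ancestors_policies(csp_value):
    """Return one frame-ancestors source list per policy that declares it."""
    found = []
    for policy in csp_value.split(","):      # a header may carry several policies
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                found.append([p.lower() for p in parts[1:]])
                break                        # later duplicates in a policy are ignored
    return found

def restricts(sources):
    """False when the list lets any origin frame the page ('*' or a bare scheme)."""
    return not any(s in ("*", "http:", "https:") for s in sources)

def check_framing(headers):
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    xfo = {v.strip().upper() for v in h.get("x-frame-options", "").split(",") if v.strip()}
    xfo_ok = len(xfo) == 1 and xfo <= {"DENY", "SAMEORIGIN"}
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif not xfo_ok:
        # ALLOW-FROM is obsolete and ignored by current browsers; this checker
        # also rejects conflicting or unknown values.
        findings.append("X-Frame-Options value not DENY or SAMEORIGIN")

    policies = frame_ancestors_policies(h.get("content-security-policy", ""))
    csp_ok = any(restricts(p) for p in policies)
    if not policies:
        findings.append("CSP frame-ancestors missing")
    elif not csp_ok:
        findings.append("CSP frame-ancestors allows any origin")
    if not csp_ok and frame_ancestors_policies(h.get("content-security-policy-report-only", "")):
        findings.append("frame-ancestors is report-only, not enforced")

    return {"protected": xfo_ok or csp_ok, "both_headers": xfo_ok and csp_ok,
            "findings": findings}

if __name__ == "__main__":
    # Constructed sample response headers.
    sample = {"X-Frame-Options": "SAMEORIGIN",
              "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"}
    print(check_framing(sample))
```
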

Tags

browser, iframe, headers

© 2026 ShieldReport. All rights reserved.
