Clickjacking (UI Redressing)
Clickjacking overlays a transparent malicious iframe over a legitimate webpage. The victim thinks they are clicking on the visible page but are actually clicking through to the hidden iframe - triggering unintended actions on a trusted site.
iframe State
Visible layer-
Hidden layer
opacity-
z-index-
Session State
Cookie-
Bank session-
Actionnone
Defense Headers
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
CSP: frame-ancestors 'none'
SameSite=Strict cookies
X-Frame-Options: SAMEORIGIN
CSP: frame-ancestors 'none'
SameSite=Strict cookies
Event Log