Clickjacking Protection

What is Clickjacking?

Clickjacking allows an attacker to trick a user into clicking on something they didn't intend to click on, or typing sensitive data into a page they otherwise wouldn't have shared it with.

Depending on the attacker, the objective of such an attack can vary, but often includes downloading files, leaking sensitive credentials or even stealing money.

How do we fix it?

Historically, Clickjacking would be mitigated with the X-Frame-Options header, a feature that, whilst effective, lacked any flexibility.

It's now possible to defend against Clickjacking attacks effectively, and still have the flexibility to operate your site how you need, using Content Security Policy.
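
As an added example (not code from the original page), this JavaScript sketch shows the flexibility difference described above: it evaluates the CSP `frame-ancestors` directive, the CSP directive that controls framing, and falls back to X-Frame-Options only when that directive is absent. The function names, the lowercase header-object shape and the hosts used with it are assumptions; only the immediate embedder is checked, and ports in source expressions are not handled.

```javascript
// Added example: decide whether a response may be framed by a given embedder.
// Simplified: browsers check every ancestor frame, this checks one embedder.
// Supported sources: 'none', 'self', *, exact origins and *.host wildcards.

function parseFrameAncestors(csp) {
  // Returns the frame-ancestors source list, or null if the directive is absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  if (s === "'self'") return embedder.origin === self.origin;
  if (s === '*') return true;
  const m = /^(https?):\/\/(\*\.)?([^/:]+)$/.exec(s);
  if (!m) return false; // 'none' and unsupported expressions match nothing
  const [, scheme, wildcard, host] = m;
  if (embedder.protocol !== scheme + ':') return false;
  // *.host matches subdomains only, never the bare host itself.
  return wildcard ? embedder.hostname.endsWith('.' + host)
                  : embedder.hostname === host;
}

function framingDecision(headers, pageUrl, embedderUrl) {
  const self = new URL(pageUrl);
  const embedder = new URL(embedderUrl);
  const sources = parseFrameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // frame-ancestors is present, so X-Frame-Options is ignored.
    const allowed = sources.some((s) => sourceMatches(s, embedder, self));
    return { by: 'csp', allowed };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { by: 'xfo', allowed: false };
  if (xfo === 'SAMEORIGIN') {
    return { by: 'xfo', allowed: embedder.origin === self.origin };
  }
  // No header, or obsolete ALLOW-FROM (ignored by modern browsers).
  return { by: 'none', allowed: true };
}
```

X-Frame-Options can only express "nobody" or "same origin", whereas a `frame-ancestors` list can admit a named partner origin while still refusing every other embedder.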

What do I need to do?

Clickjacking attacks are one of the easiest attacks to defend against using Content Security Policy and we have a range of tools to help you get started.

Take a look at our detailed Content Security Policy page for more information.

With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

- OWASP

How we can help

We provide an easy way for domain owners to set up Content Security Policy and then monitor CSP Reports, so you can detect and even prevent Clickjacking attacks.

Use our tailor-built tools and features to help you get started!

The CSP Wizard

We often find that creating a CSP is the first difficult step that organisations face. Having a complete list of all resource dependencies across your entire site like images, scripts or styles, from both 1st-party and 3rd-party locations, is tough to achieve.

The CSP Wizard was created to solve this problem, and in seven days or less, it can give you a complete list of all resources used across your entire site.

With the list of all resources you use on your site, and our easy-to-use tool, creating a viable Content Security Policy is easier than ever with just a few clicks.

The CSP Builder

All Content Security Policies will need to be tweaked at some point. New resources may be added to the site or old resources removed, and the policy needs to be updated to reflect those changes.

You can import your existing policy into the CSP Builder and use our fully featured tool to make any changes that you require right there in the UI. When you're done, hit Generate, and the CSP Builder will provide you with your new, updated policy.
