Clickjacking Vulnerability (Missing X-Frame-Options)

Medium Severity Technical Guide

Vulnerability Description

Clickjacking (UI redressing) is an attack in which an attacker layers transparent or opaque elements over a page to trick a user into clicking a button or link on another page when they intended to click something on the visible, top-level page. It is usually carried out by embedding your website inside an iframe on the attacker's site; the vulnerability is that your site sends no header telling browsers to refuse such framing.

Remediation Guide

To resolve this vulnerability, follow these config changes or developer practices:

To prevent clickjacking, set the X-Frame-Options response header so that browsers refuse to render the page inside a frame on another origin, or use the Content-Security-Policy (CSP) frame-ancestors directive, which replaces X-Frame-Options in browsers that support it:

X-Frame-Options: SAMEORIGIN

Or in CSP:

Content-Security-Policy: frame-ancestors 'self';

Verify Your Fix

After applying the remediation, run an external attack-surface scan to verify that the vulnerability is no longer detected by WebScanify.
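The following is an added example (not WebScanify's scanner and not code from this guide) that covers both steps above: applying the two headers from the remediation section to a response, and then checking a set of response headers the way a verification scan would. It works on plain header dictionaries, so the sample headers below are constructed inline rather than fetched from a live site; to check a real deployment you would pass in the headers from an HTTP response. The function names are this example's own.

```python
"""Apply and verify clickjacking protection on HTTP response headers (added example)."""
from typing import Dict, List, Optional, Tuple


def _parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent.

    An empty source list ("frame-ancestors;") is treated like 'none' by browsers,
    so an empty list is returned for it rather than None.
    """
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def add_framing_protection(headers: Dict[str, str]) -> Dict[str, str]:
    """Remediation step: return a copy of the headers with both protections set.

    X-Frame-Options: SAMEORIGIN is kept for older browsers; frame-ancestors 'self'
    is added to an existing CSP (without clobbering its other directives) or
    sent as a new CSP header if the response had none.
    """
    out = dict(headers)
    out["X-Frame-Options"] = "SAMEORIGIN"
    csp_key = next((k for k in out if k.lower() == "content-security-policy"), None)
    if csp_key is None:
        out["Content-Security-Policy"] = "frame-ancestors 'self'"
    elif _parse_frame_ancestors(out[csp_key]) is None:
        out[csp_key] = out[csp_key].rstrip().rstrip(";") + "; frame-ancestors 'self'"
    return out


def assess_clickjacking(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Verification step: return (protected, reason) for a set of response headers.

    CSP frame-ancestors is checked first because, when present, browsers that
    support it ignore X-Frame-Options entirely; a permissive frame-ancestors
    therefore defeats an otherwise correct X-Frame-Options header.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    csp = h.get("content-security-policy")
    if csp is not None:
        ancestors = _parse_frame_ancestors(csp)
        if ancestors is not None:
            if not ancestors or "'none'" in ancestors:
                return True, "CSP frame-ancestors 'none' forbids all framing"
            if "*" in ancestors:
                return False, "CSP frame-ancestors * allows any site to frame the page"
            return True, "CSP frame-ancestors restricts framing to: " + " ".join(ancestors)

    xfo = h.get("x-frame-options")
    if xfo is None:
        return False, "no X-Frame-Options and no CSP frame-ancestors directive"
    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return False if False else (True, "X-Frame-Options " + value)
    if value.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is obsolete and ignored by modern browsers"
    return False, "unrecognized X-Frame-Options value: " + repr(xfo)


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo only": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "csp only": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp undoes xfo": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
    "obsolete allow-from": {"X-Frame-Options": "ALLOW-FROM https://example.invalid"},
}


def run_samples() -> Dict[str, bool]:
    """Assess every constructed sample, before and after remediation."""
    results = {}
    for name, hdrs in SAMPLES.items():
        results[name] = assess_clickjacking(hdrs)[0]
        results[name + " (fixed)"] = assess_clickjacking(add_framing_protection(hdrs))[0]
    return results


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:22s} {assess_clickjacking(hdrs)}")
        print(f"{name + ' (fixed)':22s} {assess_clickjacking(add_framing_protection(hdrs))}")
```

Note that the "csp undoes xfo" sample stays unprotected even after add_framing_protection, because the existing frame-ancestors * directive is left in place; a scanner flagging that case is pointing at the CSP, not at a missing X-Frame-Options header.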

Is your website vulnerable?

Run a free security scan now to identify missing headers, outdated JS, and other deployment vulnerabilities.