X-Frame-Options

In this lesson, we'll study X-Frame-Options.

What is clickjacking?

Imagine seeing a web page like this on your screen:

As soon as you click on the link, you realize that all the money in your bank account is gone. What happened?

You were a victim of a clickjacking attack! An attacker directed you to their website, which displays an attractive link to click. Unfortunately, they also embedded an iframe from your-bank.com/transfer?amount=10000000&to=attacker@example.com in the page but hid it by setting its opacity to 0%. Then, instead of your click landing on the original page and winning you a brand-new Hummer, the browser captured a click on the iframe, a dangerous click that confirmed the transfer of money. Most banking systems require ...
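
A defender's check for the hidden-iframe scenario above, as an added example that is not part of the original lesson: it reads a response's X-Frame-Options header (and the CSP frame-ancestors directive, which browsers give precedence) and reports whether another origin could embed the page. The function name and the sample headers are constructed, and a single enforced CSP policy per response is assumed.

```javascript
// Added example: decide whether a page can be embedded by another origin.
// The header names are real; the function name and inputs are constructed.
// Assumes one enforced CSP policy per response (no comma-joined policies).
function crossOriginFraming(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // An enforced CSP with frame-ancestors makes browsers ignore X-Frame-Options.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // An empty list or 'none' matches no embedder; 'self' matches same-origin only.
    if (sources.every((s) => s === "'none'" || s === "'self'")) return 'blocked';
    return sources.includes('*') ? 'allowed' : 'allowlist';
  }

  // X-Frame-Options: comma-separated values are compared as a lowercase set.
  const values = [...new Set((h['x-frame-options'] || '')
    .split(',').map((v) => v.trim().toLowerCase()).filter(Boolean))];
  const known = (v) => v === 'deny' || v === 'sameorigin' || v === 'allowall';
  // Several different values: a recognised one blocks, otherwise all are ignored.
  if (values.length > 1) return values.some(known) ? 'blocked' : 'allowed';
  // ALLOW-FROM and unknown values are ignored by current browsers.
  return values[0] === 'deny' || values[0] === 'sameorigin' ? 'blocked' : 'allowed';
}

// Constructed sample responses for a sensitive endpoint such as /transfer.
const samples = {
  'no framing headers': {},
  'XFO deny': { 'X-Frame-Options': 'DENY' },
  'obsolete ALLOW-FROM': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  'CSP overrides XFO': {
    'Content-Security-Policy': 'frame-ancestors https://partner.example',
    'X-Frame-Options': 'DENY',
  },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(`${label}: ${crossOriginFraming(headers)}`);
}
```

A result of `allowed` on a state-changing page means the transparent-iframe trick described above would render; `allowlist` means the listed origins need review.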