How to checksite for clickjacking6/15/2023 You can't tell if the javascript defense is implemented because the iframe page is never loaded. The clickjack text is still there but nothing is shown in the iframe: This means that there is a header defense, and your browser supports it.The clickjack text disappears: This means that there is a javascript defense, and that there either is no header defense or your browser doesn't support it.If you perform that test there are a couple of things that could happen: It does not take into account the X-FRAME-OPTIONS header defense. It's not really incorrect, but it only accounts for the clickjacking defense script that is mentioned on the page. Happened to come across this question and figured I'd chip in to clarify what the problem is with that test.
0 Comments
Leave a Reply. |