Clickjacking
Definition
Clickjacking is a UI redress attack that tricks users into clicking hidden or disguised interface elements by overlaying a transparent iframe on top of a legitimate page. Attackers exploit this to capture clicks intended for the victim page — triggering unintended actions like enabling a webcam, making purchases, or liking social media content.
Prevention relies on X-Frame-Options or CSP frame-ancestors response headers.
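An added example, not part of the original page: a Python check that classifies a response's framing protection from the two headers named above, including the cases where a header is present but not effective. The function names, verdict labels and sample headers are assumptions made for illustration.

```python
# Added example (not from the original page): audit headers for framing protection.
PERMISSIVE = {"*", "http:", "https:"}  # sources that let any site frame the page


def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def audit_framing(headers):
    """headers: list of (name, value) pairs. Returns (verdict, notes)."""
    verdict, notes, csp_seen = "missing", [], False
    for name, value in headers:
        policies = value.split(",")  # one CSP header may carry several policies
        if name.lower() == "content-security-policy":
            for policy in policies:
                sources = frame_ancestors(policy)
                if sources is None:
                    continue
                csp_seen = True
                if PERMISSIVE & set(sources):
                    notes.append("frame-ancestors allows any origin")
                    verdict = "weak" if verdict == "missing" else verdict
                else:
                    verdict = "protected"  # every enforced policy must allow the embed
        elif name.lower() == "content-security-policy-report-only":
            if any(frame_ancestors(p) is not None for p in policies):
                notes.append("report-only frame-ancestors is not enforced")
    for name, value in headers:
        if name.lower() != "x-frame-options":
            continue
        if csp_seen:  # browsers that enforce frame-ancestors ignore this header
            notes.append("X-Frame-Options ignored: frame-ancestors present")
        elif value.strip().upper() in ("DENY", "SAMEORIGIN"):
            verdict = "protected"
        else:  # e.g. the obsolete ALLOW-FROM, which current browsers do not honour
            notes.append("unsupported X-Frame-Options value: " + value.strip())
            verdict = "weak" if verdict == "missing" else verdict
    return verdict, notes


if __name__ == "__main__":
    # Constructed sample: a permissive CSP overrides a strict X-Frame-Options header.
    sample = [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")]
    print(audit_framing(sample))
```

A "weak" verdict means a header was sent but does not stop arbitrary sites from framing the page.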