Clickjacking
Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website.
A website is vulnerable if:
- X-Frame-Options is not set
Check header presence with:
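One way to run this check, as an added example rather than the page's own command: a Python function that reads a raw response header block and reports whether framing is restricted. It goes beyond the X-Frame-Options condition above by also reading the CSP `frame-ancestors` directive, which browsers apply in preference to X-Frame-Options. The function name, result keys and sample headers are constructed for illustration.

```python
# Added example: header-based clickjacking check (names and samples are constructed).
VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete and ignored by current browsers


def framing_protection(raw_headers):
    """Report the anti-framing controls found in a raw HTTP response header block."""
    xfo, ancestors = [], None
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep:  # status line or blank line
            continue
        name = name.strip().lower()
        if name == "x-frame-options":
            xfo += [v.strip() for v in value.split(",") if v.strip()]
        elif name == "content-security-policy" and ancestors is None:
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    ancestors = [p.lower() for p in parts[1:]]
                    break
    if ancestors is not None:
        # An enforced frame-ancestors directive takes precedence over X-Frame-Options.
        framable = "*" in ancestors
        reason = ("frame-ancestors allows any origin" if framable
                  else "frame-ancestors restricts framing")
    elif VALID_XFO & {v.upper() for v in xfo}:
        framable, reason = False, "X-Frame-Options restricts framing"
    elif xfo:
        framable, reason = True, "X-Frame-Options value is not DENY or SAMEORIGIN"
    else:
        framable, reason = True, "X-Frame-Options is not set"
    return {"x_frame_options": xfo, "frame_ancestors": ancestors,
            "cross_origin_framable": framable, "reason": reason}


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "xfo_deny": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n\r\n",
    "xfo_allow_from": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://partner.example\r\n\r\n",
    "csp_none": "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n\r\n",
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        result = framing_protection(headers)
        print(f"{label}: framable={result['cross_origin_framable']} ({result['reason']})")
```

To run it against a live response, pass the text printed by `curl -sI https://example.com` to `framing_protection`.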
POC
<!-- If the target page renders inside this frame, it can be framed by other origins -->
<iframe src="https://example.com"></iframe>