Wednesday, May 12, 2021

How to Configure the X-Frame-Options Header to Mitigate Clickjacking Attempts

Web site administrators should take precautions to protect their web pages from clickjacking attempts. This concerns any server that serves web pages.

A common clickjacking technique uses the HTML iframe feature to embed another server's page within a given site's page. Framing is not a bad thing in itself; it is used for many legitimate purposes to create an integrated experience. The problem arises when a third-party site surrounds the displayed iframe with content designed to trick the user into clicking on it, or when that site simply has no permission to include your page within its own. The question is how to prevent this.

A simple web server header configuration will prevent clickjacking. Many applications sit behind a web server, so it is recommended to control all such headers within the web server. The header below is applicable to Red Hat Apache HTTP Server, Oracle HTTP Server and IBM HTTP Server (all of which are based on Apache httpd and use its mod_headers module).

Header always set X-Frame-Options "SAMEORIGIN"

(The directive uses set rather than append: append merges with any existing copy of the header into a comma-joined value such as "DENY, SAMEORIGIN", which browsers handle inconsistently, whereas set guarantees exactly one value. The "always" condition makes the header apply to error responses as well as successful ones.)

Configure the above header in … and restart the server.
You can check whether the change took effect by inspecting the response headers in the browser's developer tools (Network tab) and looking for the X-Frame-Options header.
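As an added example (not part of the original post), the following Python script performs the verification step described above offline against constructed header blocks: it parses a raw HTTP response, reports whether framing protection is present, and flags the comma-joined value that an "append" directive can produce when the header ends up being set twice. The sample responses are constructed for illustration; fetch_headers is a hypothetical helper, using only the standard library, for running the same check against a live URL.

```python
"""Check whether an HTTP response carries a usable anti-framing header.

Added example, not code from the original post. The raw header blocks in
SAMPLES are constructed for illustration.
"""
import urllib.request
from typing import Dict, List, Tuple

VALID_XFO = {"DENY", "SAMEORIGIN"}

# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "hardened": "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "missing": "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
    "appended_twice": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n\r\n",
    "csp": "HTTP/1.1 200 OK\r\nContent-Security-Policy: frame-ancestors 'self'\r\n\r\n",
}


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Parse a raw HTTP response header block into {lower-name: [values]}.

    Repeated headers are kept as separate list entries so that a doubled
    X-Frame-Options (e.g. one copy from the application and one from a
    proxy) can be detected instead of silently collapsed."""
    headers: Dict[str, List[str]] = {}
    for line in raw.splitlines():
        if not line or line.startswith("HTTP/") or ":" not in line:
            continue  # status line, blank separator, or malformed line
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_framing(headers: Dict[str, List[str]]) -> Tuple[str, str]:
    """Return (status, reason) where status is 'ok', 'weak' or 'missing'."""
    xfo = headers.get("x-frame-options", [])
    csp = headers.get("content-security-policy", [])
    # Browsers that support CSP frame-ancestors ignore X-Frame-Options when
    # that directive is present, so it is checked first.
    if any("frame-ancestors" in v for v in csp):
        return "ok", "CSP frame-ancestors present (takes precedence over X-Frame-Options)"
    if not xfo:
        return "missing", "no X-Frame-Options or CSP frame-ancestors header"
    # Collect the distinct values across all copies, splitting comma-joined
    # entries such as "DENY, SAMEORIGIN" that 'Header append' can produce.
    values = {v.strip().upper() for entry in xfo for v in entry.split(",") if v.strip()}
    if not values:
        return "weak", "X-Frame-Options header is present but empty"
    if len(values) > 1:
        return "weak", f"conflicting X-Frame-Options values {sorted(values)}; browsers handle this inconsistently"
    value = values.pop()
    if value in VALID_XFO:
        note = " (sent more than once, same value)" if len(xfo) > 1 else ""
        return "ok", f"X-Frame-Options: {value}{note}"
    if value.startswith("ALLOW-FROM"):
        return "weak", "ALLOW-FROM is obsolete and ignored by current browsers; use CSP frame-ancestors"
    return "weak", f"unrecognised X-Frame-Options value {xfo[0]!r}"


def check_sample(name: str) -> str:
    """Convenience wrapper returning only the status for a constructed sample."""
    return check_framing(parse_headers(SAMPLES[name]))[0]


def fetch_headers(url: str) -> Dict[str, List[str]]:
    """Hypothetical helper: fetch a live response and return its headers in
    the same structure, so check_framing(fetch_headers(url)) works on a
    server you administer. Uses only the standard library."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=10) as resp:
        headers: Dict[str, List[str]] = {}
        for name, value in resp.getheaders():
            headers.setdefault(name.lower(), []).append(value)
        return headers


if __name__ == "__main__":
    for sample in SAMPLES:
        status, reason = check_framing(parse_headers(SAMPLES[sample]))
        print(f"{sample:15s} {status:8s} {reason}")
```

The check treats a Content-Security-Policy frame-ancestors directive as sufficient because supporting browsers give it precedence; sending X-Frame-Options as well remains useful for older clients, and the two should agree.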
