X-Frame-Options or CSP frame-ancestors?

Posted on 02 April 2016 in misc • Tagged with csp, ui-redressing, clickjacking

If you don't know about ClickJacking (UI Redressing) attack you can read the relevant article on OWASP website.

There are two main ways to prevent ClickJacking: frame breaking script and X-Frame-Options header (see RFC 7034). While first one is technologically flawed solution the second one is good enough in the …


Continue reading