X-Frame-Options or CSP frame-ancestors?
Posted on 02 April 2016 in misc • Tagged with csp, ui-redressing, clickjacking
If you don't know about the ClickJacking (UI Redressing) attack, you can read the relevant article on the OWASP website.
There are two main ways to prevent ClickJacking: a frame-breaking script and the X-Frame-Options
header (see RFC 7034). While the first one is a technologically flawed solution, the second one is good enough in the …