Menu
Recently I was flipping through some security issues faced by websites. Fortunately come across a new term "Click jacking"
I understood that this attack happens only if my website is loadable in an IFrame.
Further investigation helped to know that setting "x-frame-options" to "DENY" prevent the website been loaded in IFrame
But I Don't know how to implement this as I am very new to this domain?
362
There are three main ways to prevent clickjacking: Sending the proper Content Security Policy (CSP) frame-ancestors directive response headers that instruct the browser to not allow framing from other domains. The older X-Frame-Options HTTP headers is used for graceful degradation and older browser compatibility.
Clickjacking is an attack that fools users into thinking they are clicking on one thing when they are actually clicking on another. Its other name, user interface (UI) redressing, better describes what is going on.
Clickjacking is not considered a serious issue because it is hard to manipulate. I believe this is the most common reason. Some web developers consider clickjacking lower risk since it is harder to get sensitive information from an end-user, as compared with other attacks like XSS and SQL injection.
Clickjacking attacks are possible whenever websites can be framed. Therefore, preventative techniques are based upon restricting the framing capability for websites. A common client-side protection enacted through the web browser is to use frame busting or frame breaking scripts.
In your Global.asax you can add the following
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("x-frame-options", "SAMEORIGIN");
}
Just put following code under <system.webServer> section in web.config file
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="DENY"/>
</customHeaders>
</httpProtocol>
NOTE : The
X-Frame-Optionsheader may contain one of three tokens.You either add any of these.Each one has its own significance.
- DENY
- SAMEORIGIN
- ALLOW-FROM origin
For details visit MSDN blog : Combating ClickJacking With X-Frame-Options
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
