Understanding Clickjacking Vulnerabilities


Clickjacking is an attack in which a threat actor stacks transparent or opaque layers over a page to trick users into clicking a link or other component of a web application, typically sending them to another page (often a malicious website). Clickjacking is also known as a “UI redress vulnerability” or “UI redress attack”.

Clickjacking attacks involve a degree of social engineering: the user must be persuaded to click on the affected component or link, which then redirects them to a malicious website.

Certain clickjacking vulnerabilities can also allow user keystrokes to be hijacked. For instance, an attacker can craft or modify a combination of CSS stylesheets, iframes, and web forms so that users believe they are typing a password into the web application, when they are in fact typing it into an invisible frame controlled by the attacker.

Preventing Clickjacking Vulnerabilities

The following are a few methods to prevent clickjacking vulnerabilities and the attacks that exploit them:
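As an added example (not code from the original article), the following Node.js snippet shows the two standard browser mechanisms that stop a page from being framed by another origin: the `X-Frame-Options` header and the `frame-ancestors` directive of Content-Security-Policy. It builds those headers for a response and also checks whether a given set of response headers actually protects a page, which is the test a defender runs against their own application. The function names, the stub response object, and the origins used in the comments and checks are assumptions constructed for this illustration.

```javascript
'use strict';

// Build the anti-framing headers for an HTTP response.
// allowedOrigins: [] -> deny all framing; ["'self'"] or a list of origins
// -> allow only those via CSP frame-ancestors.
// X-Frame-Options is sent as well for browsers that do not understand CSP,
// but it can only express DENY or SAMEORIGIN. When a cross-origin allow list
// is given, X-Frame-Options falls back to SAMEORIGIN; browsers that support
// CSP give frame-ancestors precedence when both headers are present.
function antiFramingHeaders(allowedOrigins = []) {
  if (allowedOrigins.length === 0) {
    return {
      'X-Frame-Options': 'DENY',
      'Content-Security-Policy': "frame-ancestors 'none'",
    };
  }
  return {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': `frame-ancestors ${allowedOrigins.join(' ')}`,
  };
}

// Apply the headers to a Node http.ServerResponse-like object (anything with
// setHeader(name, value)); returns the headers that were set.
function sendProtected(res, allowedOrigins = []) {
  const headers = antiFramingHeaders(allowedOrigins);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  return headers;
}

// Assess whether a response's headers prevent framing by other origins.
// Header names are matched case-insensitively. Returns { protected, reason }.
function assessFrameProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v);
  }

  // CSP frame-ancestors is the authoritative control in current browsers.
  const csp = h['content-security-policy'];
  if (csp) {
    const directive = csp
      .split(';')
      .map((s) => s.trim())
      .find((s) => s.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1);
      if (sources.includes('*')) {
        return { protected: false, reason: "frame-ancestors allows any origin ('*')" };
      }
      return {
        protected: true,
        reason: `CSP frame-ancestors ${sources.join(' ') || '(empty source list, blocks all)'}`,
      };
    }
  }

  // Fall back to X-Frame-Options; only DENY and SAMEORIGIN are meaningful.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { protected: true, reason: `X-Frame-Options ${xfo}` };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    return {
      protected: false,
      reason: 'X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers',
    };
  }
  return { protected: false, reason: 'no X-Frame-Options or CSP frame-ancestors header' };
}

module.exports = { antiFramingHeaders, sendProtected, assessFrameProtection };
```

In practice `sendProtected(res)` is called before writing the body of any HTML response that must never be embedded (login pages, account settings, payment forms), and `assessFrameProtection` can be run over the headers returned by each such page during testing to catch a route that was deployed without them.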

The following additional resources provide detailed information on how to prevent clickjacking vulnerabilities:




