Clickjacking

An attack where users are tricked into clicking on malicious elements hidden on a webpage.

Understanding Clickjacking


Clickjacking manipulates the visual representation of a webpage, making users believe they are interacting with a safe UI when they are actually clicking on attacker-controlled elements. This attack bypasses traditional security defenses because it exploits human interaction rather than software vulnerabilities.

Types of Clickjacking Attacks


  • Likejacking – Tricks users into unknowingly "liking" social media posts.

  • Cursorjacking – Manipulates cursor positioning to mislead users.

  • Clipboard Hijacking – Replaces copied text with attacker-controlled content (e.g., replacing a Bitcoin wallet address).

  • Permission Hijacking – Tricks users into enabling webcam, microphone, or location tracking.

Best Practices for Prevention


  • Implement X-Frame-Options Headers – Prevents sites from being embedded in iframes.

  • Use Content Security Policy (CSP) – Restricts the execution of unauthorized scripts.

  • Frame Busting Techniques – Prevents attackers from embedding site content into hidden frames.

  • User Awareness – Educating users about suspicious clicks can reduce risk.
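
The two header-based defences above can be checked on any response. The following is an added example, not code from the original page: it audits a response's headers for X-Frame-Options and for the CSP `frame-ancestors` directive, which is the CSP directive that governs framing. The function names and sample values are assumptions made for illustration, and each header is assumed to carry a single policy.

```javascript
// Added example: audit a response's anti-framing headers (hypothetical helper names).

// Normalise header names to lower case so lookups are case-insensitive.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Return the source list of the first frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const part of csp.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === "frame-ancestors") {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

function auditFraming(headers) {
  const h = lowerKeys(headers);
  const findings = [];
  const reportOnly = h["content-security-policy-report-only"];
  if (reportOnly !== undefined && frameAncestors(reportOnly) !== null) {
    findings.push("frame-ancestors in a Report-Only policy is not enforced");
  }
  const csp = h["content-security-policy"];
  const fa = csp !== undefined ? frameAncestors(csp) : null;
  if (fa !== null) {
    // An enforced frame-ancestors takes precedence over X-Frame-Options.
    // An empty source list behaves like 'none'; "*" or a bare scheme allows broad framing.
    const broad = fa.filter((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s));
    if (broad.length) findings.push("frame-ancestors allows broad framing: " + broad.join(" "));
    return { protected: broad.length === 0, via: "csp", findings };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    return { protected: true, via: "x-frame-options", findings };
  }
  if (xfo.startsWith("ALLOW-FROM")) findings.push("ALLOW-FROM is obsolete and ignored by current browsers");
  else if (xfo) findings.push("unrecognised X-Frame-Options value: " + xfo);
  else findings.push("no X-Frame-Options header and no frame-ancestors directive");
  return { protected: false, via: null, findings };
}
```

For example, `auditFraming({ "Content-Security-Policy": "frame-ancestors https:", "X-Frame-Options": "DENY" })` reports the page as unprotected, because the permissive `frame-ancestors` overrides the stricter X-Frame-Options value.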
