How well can the X-Frame-Options HTTP header protect against click-jacking?
The X-Frame-Options HTTP header tells the browser whether a webpage may be rendered in a frame/iframe.
Frames can be used for click-jacking/UI-redress attacks.
It is advised to set X-Frame-Options to ‘DENY’ to prevent the page being used for cli…
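One way to audit what the header on a response actually delivers, as an added example that is not part of the original post. The function name `assess_xfo`, the verdict labels and the sample header values are assumptions made up for illustration.

```python
# Added example: classify the framing protection that a response's
# X-Frame-Options header line(s) provide. All sample inputs are constructed.

def assess_xfo(raw_values):
    """raw_values: every X-Frame-Options header line seen on one response.
    Returns (verdict, note); verdict is one of
    'deny', 'sameorigin', 'misconfigured', 'unprotected'."""
    tokens = set()
    for raw in raw_values:
        # A repeated header and a comma-joined value are equivalent,
        # so flatten both into one set of lower-cased tokens.
        for part in raw.split(","):
            part = part.strip().lower()
            if part:
                tokens.add(part)

    if not tokens:
        return ("unprotected", "no X-Frame-Options value present")
    if len(tokens) > 1:
        # Do not rely on how a browser resolves a conflict: send one value.
        return ("misconfigured",
                "conflicting values: " + ", ".join(sorted(tokens)))

    value = tokens.pop()
    if value == "deny":
        return ("deny", "page may not be framed by any origin")
    if value == "sameorigin":
        return ("sameorigin", "only same-origin pages may frame it")
    if value.startswith("allow-from"):
        return ("unprotected",
                "ALLOW-FROM is obsolete and ignored by current browsers")
    return ("unprotected", "unrecognised value: " + value)


if __name__ == "__main__":
    samples = {  # constructed header sets, one entry per hypothetical response
        "login page": ["DENY"],
        "dashboard": ["SAMEORIGIN", "sameorigin"],
        "proxy added a second header": ["DENY", "SAMEORIGIN"],
        "legacy partner embed": ["ALLOW-FROM https://partner.example"],
        "typo in config": ["DENNY"],
        "static asset": [],
    }
    for name, headers in samples.items():
        verdict, note = assess_xfo(headers)
        print(f"{name:30} {verdict:14} {note}")
```

A `deny` or `sameorigin` verdict only reflects the header as sent; the value has to arrive as an HTTP response header, since browsers ignore X-Frame-Options placed in a `<meta>` tag.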