Clickjacking is also known as a “User Interface redress attack”.
The attacker tricks a user into clicking a button or link, which reveals confidential information and in turn allows the attacker to take control of the user’s computer or web browser.
It is a browser security issue, a vulnerability that affects different browsers and platforms.
How to prevent Clickjacking?
X-Frame-Options is an HTTP response header, also known as an HTTP security header.
The X-Frame-Options HTTP response header can be used to prevent clickjacking attacks.
It defines whether or not a browser is allowed to render a page in a frame.
Setting up X-Frame-Options:
There are 3 ways of setting up X-Frame-Options in a Web server.
SAMEORIGIN:
This directive allows the page to be rendered in a frame if the frame has the same origin as the page.
ALLOW-FROM uri:
This directive is now obsolete and shouldn’t be used. With this option, the page can be rendered in a frame that originates from the specified URI.
DENY:
This completely denies rendering of the page in a frame or iframe.
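As an added example (not from the original page), the Python code below audits a response's X-Frame-Options header against the three directives listed above. The sample responses, the function names and the verdict strings are constructed for illustration.

```python
# Added example: classify the X-Frame-Options header of a raw HTTP response.
# Sample responses below are constructed; verdict names are this example's own.

def xfo_values(raw_headers):
    """Collect every X-Frame-Options value, upper-cased, from a header block."""
    values = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # A repeated header and a comma-joined header carry the same list.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values

def audit_xfo(raw_headers):
    """Return 'ok', 'missing', 'obsolete', 'conflict' or 'invalid'."""
    values = xfo_values(raw_headers)
    if not values:
        return "missing"      # page can be framed by any site
    distinct = set(values)
    if len(distinct) > 1:
        return "conflict"     # e.g. app and proxy each add a different value
    value = distinct.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return "ok"
    if value.startswith("ALLOW-FROM"):
        return "obsolete"     # directive the page says should not be used
    return "invalid"          # typo such as "SAME ORIGIN" with a space

BASE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
SAMPLES = {  # constructed responses
    "sameorigin": BASE + "X-Frame-Options: SAMEORIGIN\r\n",
    "lowercase": BASE + "x-frame-options: deny\r\n",
    "no header": BASE,
    "spaced": BASE + "X-Frame-Options: SAME ORIGIN\r\n",
    "allow-from": BASE + "X-Frame-Options: ALLOW-FROM https://partner.example\r\n",
    "duplicate": BASE + "X-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label:12} -> {audit_xfo(response)}")
```

The "duplicate" case is worth checking after any server change, because an application and a reverse proxy can each add their own header.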
Configuring Nginx:
Let’s go ahead and implement X-Frame-Options in Nginx. To do so, log in to the server and go to the directory where Nginx is installed. In most cases it will be the /etc/nginx/ directory.