Glossary Term

Clickjacking

Malicious overlays trick users into triggering hidden actions on trusted interfaces.

1 min read

What it is

Clickjacking is a UI-based attack where malicious content is layered over legitimate web elements, tricking users into clicking on actions they did not intend to perform.

Why it matters

Victims may unknowingly change security settings, authorize transactions, or grant permissions. Clickjacking exploits user trust and can bypass traditional security controls when sensitive pages are allowed inside iframes.

How to reduce risk

  • Send a Content-Security-Policy header with a strict frame-ancestors directive, and X-Frame-Options as a fallback for browsers that do not support it
  • Prevent sensitive workflows from being embedded in iframes or overlays
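The two bullets above amount to one server-side rule: every sensitive response must carry a framing policy, and the policy must actually deny or allowlist embedding rather than appear to. The following Python is an added example, not code from the glossary or from OWASP: one function emits the standard headers for a deny-all or allowlist policy, and a second audits an arbitrary set of response headers (for instance, captured from a scanner or a test client) and reports whether the page is protected, weakly protected, or unprotected. The origins and sample responses in it are constructed for illustration.

```python
"""Emit and audit anti-clickjacking (framing) response headers.

Added example. Header names and values are the standard ones:
Content-Security-Policy frame-ancestors and X-Frame-Options.
The origins and sample responses below are constructed, not real.
"""


def anti_framing_headers(allowed_origins=None):
    """Return response headers that stop the page from being framed.

    allowed_origins: iterable of CSP sources permitted to embed the page
    (e.g. ["'self'"] or ["https://partner.example"]); None or empty means
    nobody may embed it.
    """
    allowed = list(allowed_origins or [])
    if not allowed:
        # Deny-all: CSP for modern browsers, X-Frame-Options for older ones.
        return {
            "Content-Security-Policy": "frame-ancestors 'none'",
            "X-Frame-Options": "DENY",
        }
    headers = {"Content-Security-Policy": "frame-ancestors " + " ".join(allowed)}
    if set(allowed) == {"'self'"}:
        headers["X-Frame-Options"] = "SAMEORIGIN"
    # X-Frame-Options cannot express an allowlist of third-party origins
    # (ALLOW-FROM is obsolete), so only CSP is sent in that case.
    return headers


def parse_frame_ancestors(csp_value):
    """Return the source list of frame-ancestors, or None if the directive is absent."""
    for directive in csp_value.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]  # an empty list permits no ancestors
    return None


def framing_protection(headers):
    """Classify response headers as 'protected', 'weak', or 'unprotected'.

    Header names are matched case-insensitively. If several CSP headers were
    sent, join them with ';' before calling this function.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy")
    if csp is not None:
        sources = parse_frame_ancestors(csp)
        if sources is not None:
            # Browsers that understand frame-ancestors give it precedence over
            # X-Frame-Options, so it decides the verdict when present.
            if any(s in ("*", "http:", "https:") for s in sources):
                return "weak"  # any origin on that scheme may frame the page
            return "protected"
    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected"
    if xfo.startswith("ALLOW-FROM"):
        return "weak"  # obsolete value, ignored by current browsers
    return "unprotected"


# Constructed sample responses, as a scanner or test client might report them.
SAMPLE_RESPONSES = {
    "/settings (no headers)": {},
    "/settings (XFO only)": {"X-Frame-Options": "deny"},
    "/checkout (CSP, no frame-ancestors)": {"Content-Security-Policy": "default-src 'self'"},
    "/checkout (wildcard ancestors)": {"Content-Security-Policy": "frame-ancestors *"},
    "/widget (allowlist)": anti_framing_headers(["'self'", "https://partner.example"]),
}


def audit(responses=SAMPLE_RESPONSES):
    """Map each path to its verdict; useful for asserting in a deploy check."""
    return {path: framing_protection(hdrs) for path, hdrs in responses.items()}


if __name__ == "__main__":
    for path, verdict in audit().items():
        print(f"{verdict:12} {path}")
```

Use `anti_framing_headers()` in the response path of any page that changes settings, authorizes transactions or grants permissions, and run `audit()` against a crawl of those pages in CI so that a dropped header or a `frame-ancestors *` shows up before release rather than in an incident.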

Related Terms: Content Security Policy, Frontend Security Headers, Open Redirect

External Resources:

  • OWASP – Clickjacking: https://owasp.org/www-community/attacks/Clickjacking