What are clickjacking attacks?

Clickjacking occurs when a user is tricked by a fake website impersonating a real one. The user thinks they are accessing a different website and may perform actions that compromise their security or that of your organisation (sharing personal information, payment information, etc.).

An attacker could create a copy of your login page, and users, believing it to be the correct website, could attempt to log in, sending their credentials to the attacker. This could compromise users' private data, such as personal information and payment details.

Protecting yourself from clickjacking requires changes to your website that would normally be easily implemented by a computer scientist or developer (but would be difficult for a non-technical person to implement). These changes include adding the HTTP X-Frame-Options header and creating a Content Security Policy (CSP).
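
As an added illustration (not part of the original page or of the platform's own checks), the Python sketch below shows how a developer could audit a response's headers for the two protections named above. It assumes the CSP directive that governs framing is `frame-ancestors`; the function names and sample header values are hypothetical and constructed for the example.

```python
# Added example: classify the anti-framing protection of an HTTP response.
# Function names and every sample header below are constructed for illustration.

def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def framing_protection(headers):
    """Return (verdict, reason) for a dict of HTTP response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ancestors = parse_csp(h.get("content-security-policy", "")).get("frame-ancestors")
    if ancestors is not None:
        # When frame-ancestors is enforced, browsers ignore X-Frame-Options.
        if any(s == "*" or s.lower() in ("http:", "https:") for s in ancestors):
            return "weak", "frame-ancestors allows any origin to frame the page"
        # An empty source list matches nothing, which behaves like 'none'.
        return "protected", "frame-ancestors " + (" ".join(ancestors) or "'none'")
    xfo = h.get("x-frame-options")
    if xfo is None:
        report_only = parse_csp(h.get("content-security-policy-report-only", ""))
        if "frame-ancestors" in report_only:
            return "missing", "frame-ancestors is report-only, so it is not enforced"
        return "missing", "no X-Frame-Options and no CSP frame-ancestors"
    if xfo.upper() in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + xfo.upper()
    # ALLOW-FROM is obsolete and not supported by current browsers.
    return "weak", "X-Frame-Options value not honoured: " + xfo


SAMPLES = {  # constructed responses
    "no protection": {"Content-Type": "text/html"},
    "legacy header only": {"X-Frame-Options": "SAMEORIGIN"},
    "CSP overrides XFO": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors *"},
    "both set": {"X-Frame-Options": "DENY",
                 "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {framing_protection(hdrs)}")
```

Sending both headers, as in the last sample, covers older browsers that only understand X-Frame-Options as well as current ones that apply `frame-ancestors`.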

Please refer to the "Website Security" section of the platform to learn about your protection against clickjacking attacks and send the technical report to your web developer to fix any vulnerabilities that are found.