MachPanel Knowledgebase

HOW TO: Protecting Your Website From ClickJacking

Rehan Waseem
MachPanel

Summary

This article explains how to protect your website from clickjacking.

Applies To

This article applies to MachPanel v6 and above.

Steps and Procedure

To protect a website from clickjacking, the web server must send a Content-Security-Policy header containing the frame-ancestors directive in its HTTP responses.

A custom header can be added to a website in IIS as shown below.

In the 'Value' field, multiple sources can be specified for frame-ancestors, separated by white space. Keywords such as 'self' are wrapped in straight single quotes; hosts are written without quotes. For example:

frame-ancestors 'self' https://*.jquery.com https://www.example.com https://*.providesupprot.com;

For MachPanel, add the following:

frame-ancestors 'self' https://*.duosecurity.com https://app.powerbi.com
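
A frame-ancestors value only takes effect when keywords such as 'self' use straight single quotes and hosts are written bare, so it is worth checking the string before pasting it into IIS. The check below is an added example, not part of the original article or of MachPanel; the function names and the sample values are constructed for illustration.

```python
import re

CURLY = "\u2018\u2019\u201c\u201d"   # typographic quotes pasted from documents
KEYWORDS = {"'self'", "'none'"}      # the only quoted sources frame-ancestors accepts
HOST_RE = re.compile(                # [scheme://][*.]host[:port][/path]
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*"
    r"(?::(?:\d+|\*))?(?:/\S*)?$", re.I)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.I)   # e.g. https:

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def lint(csp_value):
    """Return a list of problems in the frame-ancestors directive (empty if clean)."""
    sources = frame_ancestors(csp_value)
    if sources is None:
        return ["no frame-ancestors directive: framing is not restricted by CSP"]
    problems = []
    for src in sources:
        if any(ch in CURLY for ch in src):
            problems.append(f"{src}: curly quotes; use straight ' characters")
        elif src.lower() in KEYWORDS:
            continue
        elif src.lower() in ("self", "none"):
            problems.append(f"{src}: keyword needs quotes, e.g. 'self'")
        elif src.startswith("'") or src.endswith("'"):
            problems.append(f"{src}: hosts are written without quotes")
        elif src == "*":
            problems.append("*: any site may frame the page")
        elif not (HOST_RE.match(src) or SCHEME_RE.match(src)):
            problems.append(f"{src}: not a valid host or scheme source")
    return problems

# Constructed sample values for the IIS custom header 'Value' field.
GOOD = "frame-ancestors 'self' https://*.duosecurity.com https://app.powerbi.com"
BAD = "frame-ancestors \u2018self\u2019 'https://www.example.com' self"

if __name__ == "__main__":
    for value in (GOOD, BAD, "default-src 'self'"):
        print(value, "->", lint(value) or "OK")
```

Browsers ignore source expressions they cannot parse, so a value that fails this check can leave the page with a narrower or different framing policy than intended.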

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

https://content-security-policy.com/

https://portswigger.net/web-security/cross-site-scripting/content-security-policy



Details
Type: HOW TO
Level: Beginner
Last Modified: 4 Years Ago
Last Modified By: rehan_waseem