
Clickjacking - Framable Page

TanmeyTWX
17-Peridot


Threat:-

The page can be easily framed. Anti-framing measures are not used.

Impact:-

Clickjacking and Cross-Site Request Forgery (CSRF) can be performed by framing the target site. An attack can trick the user into clicking on the link by framing the original page and showing a layer on top of it with dummy buttons.

Solution:-

X-Frame-Options: This header works with modern browsers and can be used to prevent framing of the page.

How to implement X-Frame options in ThingWorx application page? I'm new to this threat and recommended solution. Please help me out.

Thanks in advance!

2 REPLIES
TanmeyTWX
17-Peridot
(To:mattfor)

Thanks Mathew for these references.

But I'm unable to understand the way of implementing X-Frame options into ThingWorx application/site.

-Which script or service file to be edited, is it any Tomcat conf file or what?

-How to verify the success after the implementation?
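
For the verification question raised in the thread, one way to judge a response's anti-framing headers. This is an added example, not part of the original posts and not PTC's code; the function names and sample responses are constructed. It goes beyond the X-Frame-Options header named in the thread by also checking the Content-Security-Policy `frame-ancestors` directive.

```python
# Added example: judge anti-framing headers in a raw HTTP response head,
# e.g. the output of `curl -sI <url>`. All sample responses are constructed.

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_verdict(raw):
    """Return (protected, reason) for a raw response head."""
    headers = parse_headers(raw)
    # CSP frame-ancestors overrides X-Frame-Options in browsers that support it.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = parts[1:]
                if not sources or "*" in sources:
                    return False, "frame-ancestors is empty or allows any origin"
                return True, "frame-ancestors " + " ".join(sources)
    # Collect every X-Frame-Options value, repeated headers or comma-joined.
    values = {v.strip().upper()
              for header in headers.get("x-frame-options", [])
              for v in header.split(",") if v.strip()}
    if not values:
        return False, "no anti-framing header"
    if len(values) > 1:
        return False, "conflicting X-Frame-Options values: " + ", ".join(sorted(values))
    value = values.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + value
    return False, "unrecognised X-Frame-Options value: " + value

SAMPLES = {  # constructed response heads
    "open": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "xfo": "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "csp": "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; "
           "frame-ancestors 'self'\r\n\r\n",
    "bad": "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOWALL\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, framing_verdict(raw))
```
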
