2 Replies Latest reply on Dec 9, 2015 2:15 AM by tnayyar
    tnayyar Creator

    Clickjacking - Framable Page

    Threat:-

    The page can be easily framed. Anti-framing measures are not used.

     

    Impact:-

    Clickjacking and Cross-Site Request Forgery (CSRF) can be performed by framing the target site. An attack can trick the user into clicking on the link by framing the original page and showing a layer on top of it with dummy buttons.

     

    Solution:-

    X-Frame-Options: This header works with modern browsers and can be used to prevent framing of the page.

     

    How to implement X-Frame-Options in a ThingWorx application page? I'm new to this threat and recommended solution. Please help me out.

     

     

    Thanks in advance!
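
The check behind a "framable page" finding like the one quoted above, as an added example that is not part of the original post and is not ThingWorx code: it classifies a response's headers by X-Frame-Options and by the CSP `frame-ancestors` directive. The function names and the header sets in `SAMPLES` are constructed for illustration.

```python
# Added example: classify anti-framing protection from response headers.
BROAD = {"*", "http:", "https:"}  # sources that let any site frame the page

def frame_ancestors(csp_value):
    """Yield the source list of each policy's frame-ancestors directive."""
    for policy in csp_value.split(","):      # several policies may be comma-joined
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                yield [p.lower() for p in parts[1:]]
                break                        # a repeated directive is ignored

def frame_protection(headers):
    """Return (status, reason); status is 'protected', 'framable' or 'review'."""
    h = {k.lower(): v for k, v in headers.items()}
    lists = list(frame_ancestors(h.get("content-security-policy", "")))
    if lists:
        # An enforced frame-ancestors directive takes precedence over X-Frame-Options.
        if any(not BROAD & set(src) for src in lists):
            return "protected", "CSP frame-ancestors restricts framing"
        return "framable", "CSP frame-ancestors allows any origin"
    xfo = h.get("x-frame-options")
    if xfo is None:
        return "framable", "no X-Frame-Options or CSP frame-ancestors header"
    values = {v.strip().upper() for v in xfo.split(",") if v.strip()}
    if len(values) != 1:
        return "review", "send exactly one X-Frame-Options value"
    value = values.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options: " + value
    if value.startswith("ALLOW-FROM"):
        return "framable", "ALLOW-FROM is obsolete; current browsers ignore it"
    return "framable", "unrecognised X-Frame-Options value"

# Constructed sample responses (header sets), not taken from a real server.
SAMPLES = {
    "no header": {"Content-Type": "text/html"},
    "sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://portal.example"},
    "csp none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", *frame_protection(hdrs))
```

A report-only CSP header is not enforced, so the last sample is still reported as framable.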