[Owasp-leaders] Clickjacking Defense
eoin.keary at owasp.org
Mon Sep 3 19:18:50 UTC 2012
The jscript stuff still makes it a little header. There are also some sorta effective solutions. Should you not include them?
Owasp Global Board
+353 87 977 2988
On 3 Sep 2012, at 17:58, Jim Manico <jim.manico at owasp.org> wrote:
> I want to write a Cheat-sheet on Clickjacking defense.
> I was thinking of just discussing the different framing blocking headers....
> // to prevent all framing of this content
> response.addHeader( "X-FRAME-OPTIONS", "DENY" );
> // to allow framing of this content only by this site
> response.addHeader( "X-FRAME-OPTIONS", "SAMEORIGIN" );
> // to allow framing from a specific domain
> response.addHeader( "X-FRAME-OPTIONS", "ALLOW-FROM X" );
> What do you think, any thoughts on this topic?
> Cheers folks,
> Jim Manico
> OWASP Volunteer
> (808) 652-3805
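The three header values from the quoted message, as an added example (not code from this thread or from OWASP): a small Java helper that turns a configured policy into the header value and falls back to DENY when the configuration is unusable. The class name, method names and the host partner.example are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added example: builds the X-Frame-Options value from a configured policy.
public final class FrameOptionsPolicy {
    public static final String HEADER = "X-Frame-Options";

    // mode is DENY, SAMEORIGIN or ALLOW-FROM (case-insensitive); allowedOrigin is
    // only read for ALLOW-FROM. Any unusable configuration falls back to DENY,
    // so a typo in the settings never leaves the content frameable.
    public static String headerValue(String mode, String allowedOrigin) {
        String m = mode == null ? "" : mode.trim().toUpperCase(Locale.ROOT);
        switch (m) {
            case "DENY":
            case "SAMEORIGIN":
                return m;
            case "ALLOW-FROM":
                String origin = normalizeOrigin(allowedOrigin);
                return origin == null ? "DENY" : "ALLOW-FROM " + origin;
            default:
                return "DENY";
        }
    }

    // Returns scheme://host[:port] rebuilt from the parsed parts of an absolute
    // http(s) URI, so no path, wildcard or control character reaches the header.
    static String normalizeOrigin(String value) {
        if (value == null) return null;
        try {
            URI u = new URI(value.trim());
            String scheme = u.getScheme();
            if (scheme == null || u.getHost() == null || u.getUserInfo() != null) return null;
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("http") && !scheme.equals("https")) return null;
            String origin = scheme + "://" + u.getHost().toLowerCase(Locale.ROOT);
            return u.getPort() == -1 ? origin : origin + ":" + u.getPort();
        } catch (URISyntaxException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample configurations; partner.example is a placeholder host.
        String[][] samples = { {"deny", null}, {"SAMEORIGIN", null},
            {"ALLOW-FROM", "https://partner.example/widgets/page"},
            {"ALLOW-FROM", "*"}, {"ALLOWALL", null} };
        for (String[] s : samples) System.out.println(HEADER + ": " + headerValue(s[0], s[1]));
    }
}
```

In a servlet, passing the result to `response.setHeader(FrameOptionsPolicy.HEADER, ...)` rather than `addHeader` replaces any value set earlier, so the response carries a single framing policy.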