Clickjacking (also called a User Interface redress attack, UI redress attack or UI redressing) is a malicious technique that tricks a web user into clicking on something different from what they perceive they are clicking on. By clicking on seemingly innocuous web pages, the user can potentially reveal confidential information or hand over control of their computer.
It is a browser security issue that affects a variety of browsers and platforms.
A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, for example when the user clicks a button that appears to perform another function. Your sites are partly protected against this by default by mod_security; however, you can enable an additional layer (at the nginx level) from within our CLOUDNS plugin in cPanel:
- Log in to cPanel
- Go to Nginx Cluster Control
- Select the domain you wish to enable it for from the dropdown list, then click ‘Configure’
- Click ‘Application Settings’
- Scroll down to ‘Security Settings’
- Enable the ‘clickjacking_protect’ option