Get Paid to Participate - up to $1 per post!     Twitter     Facebook
Hosting Discussion

Hosting Discussion > Web Hosting Forums > Website Development & Design > Prevent Clickjacking Of E-Commerce, Logins And Forms
forgot password?



  Post #1 (permalink)   02-13-2017, 08:57 PM
HD Amateur
Join Date: Feb 2017
Location: Gainesville, Fl
Posts: 86

Status: danielpmc is offline
Use one or the other to prevent other sites from iframing your site in order to prevent clickjacking. Deny means nobody can iframe your site, Sameorigin means you can iframe a page or content of yours elsewhere on your site. Place the code in your cPanel/public_html/.htaccess file or equivalent.

Header always set X-Frame-Options "DENY"
Header always set X-Frame-Options "SAMEORIGIN"
This is not for hotlinking, it is to prevent clickjacking. These types of headers are part of what they call Content Security Policy. It is a complex way of denying man in the middle attacks, page reload attacks, breaches and exploits. To write a Content Security Policy is a very effective way of securing traffic in and out of any server. But it can be very challenging to understand and code. I am currently working on a tutorial which i will post here within a week.

In a nutshell, if somebody wanted to steal your E-commerce shopping carts info or website login info they would copy your shopping cart or login page and host it somewhere in a dark corner of the internet. Now skipping some details which i obviously am not going to tell you, they iframe your site on top of the fake pages under their control. So when a person inputs credit card info or logins, it is actually being typed into the fake site and the hacker receives the credit card or login info.

Be safe out there!
Stone soup is flavored by its offerings of humanity.

Last edited by danielpmc : 02-13-2017 at 09:25 PM. Reason: typo

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: