
Clickjacking

Clickjacking occurs when an attacker embeds a legitimate page inside a malicious or deceptive interface, causing users to unknowingly perform actions such as changing settings, approving requests, or submitting forms. It is commonly prevented using frame protection headers, Content Security Policy, and proper UI security controls. In security testing, the impact of clickjacking depends on whether the affected page allows sensitive actions, authenticated workflows, financial changes, or account-level modifications.

Trusted Page Embedded → User Sees Deceptive Layer → Hidden Action Clicked → Sensitive Action Triggered → Frame Protection Enabled
