Story #52
openEpic #51: Security Points Checking
Clickjacking
0%
1. The X-Frame-Options header is an HTTP response header that tells the browser whether the page may be rendered inside a frame or iframe. It provides a simple way to control framing behavior.
2. A framebuster script detects whether the page has been loaded inside a frame and, if so, takes action to break out of it. This prevents the page from being rendered in an unauthorized context, reducing the risk of clickjacking attacks.
Description
1. Preventing the browser from loading the page in a frame using the X-Frame-Options or Content Security Policy (frame-ancestors) HTTP headers.
2. Preventing session cookies from being included when the page is loaded in a frame using the SameSite cookie attribute.
3. Implementing JavaScript code in the page to attempt to prevent it being loaded in a frame (known as a "framebuster").
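As an added example (not code from this story or its project), the following Node.js snippet builds the header-based defenses from points 1 and 2 and audits a captured response for them; the function names and the cookie name "session" are assumptions chosen for the example.

```javascript
// Added example (not from the story): build the anti-clickjacking headers the
// description lists and audit a captured response for them. Function names and
// the cookie name "session" are assumptions chosen for the example.

// Headers a server should send for a page that must not be framed, or may be
// framed only by the given origins (CSP source expressions, e.g. "https://a.example").
function buildFramingHeaders(allowedAncestors = []) {
  const headers = {};
  if (allowedAncestors.length === 0) {
    headers["X-Frame-Options"] = "DENY";
    headers["Content-Security-Policy"] = "frame-ancestors 'none'";
  } else {
    // X-Frame-Options cannot carry an allow-list (ALLOW-FROM is obsolete), so
    // SAMEORIGIN is the legacy fallback and CSP frame-ancestors holds the real list.
    headers["X-Frame-Options"] = "SAMEORIGIN";
    headers["Content-Security-Policy"] =
      "frame-ancestors 'self' " + allowedAncestors.join(" ");
  }
  // SameSite keeps the session cookie out of requests made by a cross-site frame.
  headers["Set-Cookie"] = "session=<value>; Secure; HttpOnly; SameSite=Strict";
  return headers;
}

// Audit a response's headers (names in any case; Set-Cookie may be a string or
// an array, as Node's http module returns it) for the defenses above.
function auditFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const xfo = String(h["x-frame-options"] || "").trim().toUpperCase();
  const directives = String(h["content-security-policy"] || "")
    .split(";").map((d) => d.trim());
  const fa = directives.find((d) => /^frame-ancestors\b/i.test(d));
  const sources = fa ? fa.replace(/^frame-ancestors\s*/i, "") : null;
  const cookies = [].concat(h["set-cookie"] || []);
  const session = cookies.find((c) => /^session=/i.test(c)) || "";
  const ss = (session.match(/;\s*samesite=(\w+)/i) || [])[1];
  const result = {
    xfoBlocksFraming: xfo === "DENY" || xfo === "SAMEORIGIN",
    cspFrameAncestors: sources,
    cookieSameSite: ss ? ss.toLowerCase() : null,
  };
  // Framing is blocked if a modern browser sees a restrictive frame-ancestors
  // or a legacy one sees X-Frame-Options; "*" in CSP allows any ancestor.
  result.framingProtected =
    result.xfoBlocksFraming || (sources !== null && sources !== "*");
  result.sessionCookieIsolated = ["strict", "lax"].includes(result.cookieSameSite);
  return result;
}
```

Run `auditFraming` over the headers of a real response (for example `res.headers` from Node's `http` module) to see which of the three defenses a page actually ships with.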