# Clickjacking > Clickjacking is a type of web security vulnerability where a malicious website tricks a user into clicking on something different from what the user perceives, potentially causing the user to perform unintended actions without their knowledge or consent. Users are tricked into performing all sorts of unintended actions as such as typing in the password, clicking on ‘Delete my account’ button, liking a post, deleting a post, commenting on a blog. In other words all the actions that a normal user can do on a legitimate website can be done using clickjacking. ## Summary * [Tools](#tools) * [Methodology](#methodology) * [UI Redressing](#ui-redressing) * [Invisible Frames](#invisible-frames) * [Button/Form Hijacking](#buttonform-hijacking) * [Execution Methods](#execution-methods) * [Preventive Measures](#preventive-measures) * [Implement X-Frame-Options Header](#implement-x-frame-options-header) * [Content Security Policy (CSP)](#content-security-policy-csp) * [Disabling JavaScript](#disabling-javascript) * [OnBeforeUnload Event](#onbeforeunload-event) * [XSS Filter](#xss-filter) * [IE8 XSS filter](#ie8-xss-filter) * [Chrome 4.0 XSSAuditor filter](#chrome-40-xssauditor-filter) * [Challenge](#challenge) * [Labs](#labs) * [References](#references) ## Tools * [portswigger/burp](https://portswigger.net/burp) * [zaproxy/zaproxy](https://github.com/zaproxy/zaproxy) * [machine1337/clickjack](https://github.com/machine1337/clickjack) ## Methodology ### UI Redressing UI Redressing is a Clickjacking technique where an attacker overlays a transparent UI element on top of a legitimate website or application. The transparent UI element contains malicious content or actions that are visually hidden from the user. By manipulating the transparency and positioning of elements, the attacker can trick the user into interacting with the hidden content, believing they are interacting with the visible interface. * **How UI Redressing Works:** * Overlaying Transparent Element: The attacker creates a transparent HTML element (usually a `