I saw that, but I took the path of least resistance. The method I mentioned was 
sufficient  to pass the tinfoilsecurity.com test.

To tinfoils's credit, they provided three references on Clickjacking, one of 
which is the website you suggested.

  Original Message  
From: c0nw0nk
Sent: Thursday, September 22, 2016 1:34 PM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: (Semi-OT) Clickjacking countermeasure

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

Inside your <head> </head> tags.

<style id="antiClickjack">body{display:none !important;}</style>
<script type="text/javascript">
if (self === top) {
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
top.location = self.location;
}
</script>

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269763,269773#msg-269773

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to