Hi ClearClick! Good bye Clickjacking?
This works in most browsers, with Internet Explorer being a notable exception.
IE8 comes with another new technique.The fix is actually very simple: it lets website owners include an extra tag in their pages that tells Internet Explorer the page is not supposed to be included in a frame. It’s called X-FRAME-OPTIONS;
a value of DENY means the page should never be opened in a frame, and
SAMEORIGIN only allows it to be framed within pages from the same site.
Any other use will show a warning, and a link that opens the page in a
There are efforts to make Firefox too compatible to it .
But for the time being, Firefox users can use the a plug in ClearClick by NoScript.
Clickjacking hides or displaces or partially covers something you wouldn't want to click, if you could see it in its original context. ClearClick does the opposite: whenever you click a plugin object or a framed page, it takes a screenshot of it alone and opaque (i.e. an image of it with no transparencies and no overlaying objects), then compares it with a screenshot of the parent page as you can see it. If the two images differ, a clickjacking attack is probably happening and NoScript raises a "ClearClick warning",