{"id":374725,"date":"2023-03-30T06:57:18","date_gmt":"2023-03-30T06:57:18","guid":{"rendered":"https:\/\/webkul.com\/blog\/?p=374725"},"modified":"2023-03-30T15:30:58","modified_gmt":"2023-03-30T15:30:58","slug":"how-to-prevent-clickjacking-on-magento-2","status":"publish","type":"post","link":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/","title":{"rendered":"How to prevent Clickjacking on Magento 2?"},"content":{"rendered":"\n<p>Hello Friends!!!<\/p>\n\n\n\n<p>In this blog, we will learn about <strong>Clickjacking<\/strong> and how to prevent Clickjacking on Magento 2, which is critical for <a href=\"https:\/\/store.webkul.com\/magento2-security-extension.html\">Magento 2 Security<\/a>.<\/p>\n\n\n\n<p><strong>What is Clickjacking?<\/strong><br>&#8216;<em>Clickjacking<\/em>&#8217; or &#8216;<em>UI Redress Attack<\/em>&#8217; is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is interacting with.<br>This can result in the theft of confidential information, redirection to a malicious website, extortion of money, fraudulent purchases online, or being coerced into downloading malware.<\/p>\n\n\n\n<p><strong>How does Clickjacking Affect Magento 2?<\/strong><br>Let&#8217;s take an example to understand how exactly a Clickjacking attack works:<br><br>* Suppose an attacker has created a page on the website that has a button on it that says &#8220;Click here for a free Gift&#8221;.<br>* And on top of that web page, the attacker has loaded an iframe with some malicious link.<br>* When the user\/victim clicks on the &#8220;Click here for a free Gift&#8221; button, he will be redirected to another page or website without ever knowing what actually happened in the background.<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><em>In essence, the attacker has 
&#8220;hijacked&#8221; the user&#8217;s click, hence the name &#8220;Clickjacking&#8221;.<\/em><\/p>\n\n\n\n<p>In many cases, the user may not realize that their clicks are doing more than what they intend to do. Just by clicking, they open up their Magento website to a number of vulnerabilities.<\/p>\n<\/div><\/div>\n\n\n\n<p><strong>How to Prevent Clickjacking on Magento 2?<\/strong><br>There are three main mechanisms that can be used to defend against these attacks:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Preventing the browser from loading the page in a frame using the X-Frame-Options or Content Security Policy (frame-ancestors) HTTP headers.<\/li>\n\n\n\n<li>Preventing session cookies from being included when the page is loaded in a frame using the SameSite cookie attribute.<\/li>\n\n\n\n<li>Implementing JavaScript code in the page to attempt to prevent it from being loaded in a frame (known as a &#8220;frame-buster&#8221;).<\/li>\n<\/ol>\n\n\n\n<p><strong>Defending with Content Security Policy (CSP) frame-ancestors directive:<\/strong><\/p>\n\n\n\n<p>The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in an &lt;iframe&gt; or &lt;frame&gt;.<br>frame-ancestors allows a site to authorize multiple domains using the normal Content Security Policy semantics.<br><span style=\"text-decoration: underline\">Content-Security-Policy: frame-ancestors Examples<\/span><\/p>\n\n\n\n<p><em>Content-Security-Policy: frame-ancestors &#039;none&#039;;<\/em><br>&gt;&gt; It prevents any domain from framing the content. 
This setting is recommended unless a specific need has been identified for framing.<br><em>Content-Security-Policy: frame-ancestors &#039;self&#039;;<\/em><br>&gt;&gt; It only allows the current site to frame the content.<br><em>Content-Security-Policy: frame-ancestors &#039;self&#039; *.example.com https:\/\/examplefriendweb.com;<\/em><br>&gt;&gt; It allows the current site, as well as any page on example.com (using any protocol), and the site examplefriendweb.com, using HTTPS only on the default port (443).<br><br><strong>Note:<\/strong> Single quotes (&#039;) are required around the <em>self<\/em> and <em>none<\/em> values, but must not be used around other source expressions.<\/p>\n\n\n\n<p><strong>Defending with X-Frame-Options Response Headers:<\/strong><\/p>\n\n\n\n<p>The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in an &lt;iframe&gt;, &lt;frame&gt;, or &lt;object&gt;.<\/p>\n\n\n\n<p><em>There are three possible values for the X-Frame-Options header:<\/em><br><strong>DENY: <\/strong>It prevents any domain from framing the content. The &#8220;DENY&#8221; setting is recommended unless a specific need has been identified for framing.<br><strong>SAMEORIGIN:<\/strong> It only allows the current site to frame the content.<br><strong>ALLOW-FROM &lt;uri&gt;:<\/strong> It permits the specified &#8216;URI&#8217; to frame this page (e.g., ALLOW-FROM http:\/\/www.example.com).<br>This&nbsp;option has been deprecated because Magento-supported browsers no longer support it.<br><br><strong>Implement&nbsp;<code>X-Frame-Options<\/code>:<\/strong> We can set a value for&nbsp;<code>X-Frame-Options<\/code>&nbsp;in&nbsp;<code><em>&lt;magento_root&gt;\/app\/etc\/env.php<\/em><\/code>. 
The following is the default value:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\">&#039;x-frame-options&#039; =&gt; &#039;SAMEORIGIN&#039;,<\/pre>\n\n\n\n<p><strong>Verifying your setting for&nbsp;<code>X-Frame-Options<\/code>:<\/strong> There are several ways to do this; here are a few examples:<br>1. Using a web browser inspector. Refer to the following image:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1200\" height=\"616\" src=\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png\" alt=\"Screenshot-from-2023-03-30-12-09-55\" class=\"wp-image-374737\" srcset=\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png 1200w, https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-300x154.png 300w, https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-250x128.png 250w, https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-768x394.png 768w, https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55.png 1301w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" loading=\"lazy\" \/><\/figure>\n\n\n\n<p>2. Use the following curl command, which we can run from any machine that can connect to your Magento server over the HTTP protocol.<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\">curl -I -v --location-trusted &#039;&lt;your Magento storefront URL&gt;&#039;<\/pre>\n\n\n\n<p>Look for the&nbsp;<code>X-Frame-Options<\/code>&nbsp;value in the headers.<br><br>Hope this will be helpful. Thanks \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello Friends!!! In this blog, we will learn about Clickjacking and how to prevent Clickjacking on Magento 2. 
which is critical for Magento 2 Security What is Clickjacking?&#8216;Clickjacking&#8216; or &#8216;UI Redress Attack&#8216; is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is <a href=\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\">[&#8230;]<\/a><\/p>\n","protected":false},"author":249,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9121],"tags":[13888,13894,12405,12408,13889,13891,13890,13892,13893,13895],"class_list":["post-374725","post","type-post","status-publish","format-standard","hentry","category-magento-2","tag-clickjacking","tag-content-security-policy","tag-csp","tag-frame-ancestors","tag-how-to-prevent-clickjacking-on-magento-2","tag-prevent-clickjacking","tag-prevent-clickjacking-on-magento-2","tag-ui-redress-attack","tag-x-frame-options","tag-x-frame-options-header"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to prevent Clickjacking on Magento 2? - Webkul Blog<\/title>\n<meta name=\"description\" content=\"What is Clickjacking and How to prevent Clickjacking on Magento 2? &#039;Clickjacking&#039; or &#039;UI Redress Attack&#039; is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is interacting with.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to prevent Clickjacking on Magento 2? 
- Webkul Blog\" \/>\n<meta property=\"og:description\" content=\"What is Clickjacking and How to prevent Clickjacking on Magento 2? &#039;Clickjacking&#039; or &#039;UI Redress Attack&#039; is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is interacting with.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Webkul Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/webkul\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-30T06:57:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-30T15:30:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png\" \/>\n<meta name=\"author\" content=\"Khushboo Sahu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@webkul\" \/>\n<meta name=\"twitter:site\" content=\"@webkul\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Khushboo Sahu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\"},\"author\":{\"name\":\"Khushboo Sahu\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/f94b8f53397bf85810761d76c98fadca\"},\"headline\":\"How to prevent Clickjacking on Magento 2?\",\"datePublished\":\"2023-03-30T06:57:18+00:00\",\"dateModified\":\"2023-03-30T15:30:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\"},\"wordCount\":663,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/webkul.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png\",\"keywords\":[\"Clickjacking\",\"Content Security Policy\",\"CSP\",\"frame-ancestors\",\"How to prevent Clickjacking on Magento 2\",\"prevent Clickjacking\",\"prevent Clickjacking on Magento 2\",\"UI Redress Attack\",\"X-Frame-Options\",\"X-Frame-Options header\"],\"articleSection\":[\"Magento 2\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\",\"url\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\",\"name\":\"How to prevent Clickjacking on Magento 2? 
- Webkul Blog\",\"isPartOf\":{\"@id\":\"https:\/\/webkul.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png\",\"datePublished\":\"2023-03-30T06:57:18+00:00\",\"dateModified\":\"2023-03-30T15:30:58+00:00\",\"description\":\"What is Clickjacking and How to prevent Clickjacking on Magento 2? 'Clickjacking' or 'UI Redress Attack' is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is interacting with.\",\"breadcrumb\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage\",\"url\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55.png\",\"contentUrl\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55.png\",\"width\":1301,\"height\":668,\"caption\":\"Screenshot-from-2023-03-30-12-09-55\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/webkul.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to prevent Clickjacking on Magento 
2?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/webkul.com\/blog\/#website\",\"url\":\"https:\/\/webkul.com\/blog\/\",\"name\":\"Webkul Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/webkul.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/webkul.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/webkul.com\/blog\/#organization\",\"name\":\"WebKul Software Private Limited\",\"url\":\"https:\/\/webkul.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png\",\"contentUrl\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png\",\"width\":380,\"height\":380,\"caption\":\"WebKul Software Private Limited\"},\"image\":{\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/webkul\/\",\"https:\/\/x.com\/webkul\",\"https:\/\/www.instagram.com\/webkul\/\",\"https:\/\/www.linkedin.com\/company\/webkul\",\"https:\/\/www.youtube.com\/user\/webkul\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/f94b8f53397bf85810761d76c98fadca\",\"name\":\"Khushboo 
Sahu\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cabac965df656d114e6bf340df07518c990eda03bb09265dbd5c17f1097adaae?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Feva.png&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cabac965df656d114e6bf340df07518c990eda03bb09265dbd5c17f1097adaae?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Feva.png&r=g\",\"caption\":\"Khushboo Sahu\"},\"url\":\"https:\/\/webkul.com\/blog\/author\/khushboo-sahu062\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to prevent Clickjacking on Magento 2? - Webkul Blog","description":"What is Clickjacking and How to prevent Clickjacking on Magento 2? 'Clickjacking' or 'UI Redress Attack' is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is interacting with.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/","og_locale":"en_US","og_type":"article","og_title":"How to prevent Clickjacking on Magento 2? - Webkul Blog","og_description":"What is Clickjacking and How to prevent Clickjacking on Magento 2? 
'Clickjacking' or 'UI Redress Attack' is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is interacting with.","og_url":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/","og_site_name":"Webkul Blog","article_publisher":"https:\/\/www.facebook.com\/webkul\/","article_published_time":"2023-03-30T06:57:18+00:00","article_modified_time":"2023-03-30T15:30:58+00:00","og_image":[{"url":"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png","type":"","width":"","height":""}],"author":"Khushboo Sahu","twitter_card":"summary_large_image","twitter_creator":"@webkul","twitter_site":"@webkul","twitter_misc":{"Written by":"Khushboo Sahu","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#article","isPartOf":{"@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/"},"author":{"name":"Khushboo Sahu","@id":"https:\/\/webkul.com\/blog\/#\/schema\/person\/f94b8f53397bf85810761d76c98fadca"},"headline":"How to prevent Clickjacking on Magento 2?","datePublished":"2023-03-30T06:57:18+00:00","dateModified":"2023-03-30T15:30:58+00:00","mainEntityOfPage":{"@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/"},"wordCount":663,"commentCount":0,"publisher":{"@id":"https:\/\/webkul.com\/blog\/#organization"},"image":{"@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage"},"thumbnailUrl":"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png","keywords":["Clickjacking","Content Security Policy","CSP","frame-ancestors","How to prevent Clickjacking on Magento 2","prevent Clickjacking","prevent Clickjacking on Magento 2","UI Redress 
Attack","X-Frame-Options","X-Frame-Options header"],"articleSection":["Magento 2"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/","url":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/","name":"How to prevent Clickjacking on Magento 2? - Webkul Blog","isPartOf":{"@id":"https:\/\/webkul.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage"},"image":{"@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage"},"thumbnailUrl":"https:\/\/webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55-1200x616.png","datePublished":"2023-03-30T06:57:18+00:00","dateModified":"2023-03-30T15:30:58+00:00","description":"What is Clickjacking and How to prevent Clickjacking on Magento 2? 
'Clickjacking' or 'UI Redress Attack' is a malicious technique that consists of deceiving a web user into interacting with something different from what the user believes he is interacting with.","breadcrumb":{"@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#primaryimage","url":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55.png","contentUrl":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-30-12-09-55.png","width":1301,"height":668,"caption":"Screenshot-from-2023-03-30-12-09-55"},{"@type":"BreadcrumbList","@id":"https:\/\/webkul.com\/blog\/how-to-prevent-clickjacking-on-magento-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/webkul.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to prevent Clickjacking on Magento 2?"}]},{"@type":"WebSite","@id":"https:\/\/webkul.com\/blog\/#website","url":"https:\/\/webkul.com\/blog\/","name":"Webkul Blog","description":"","publisher":{"@id":"https:\/\/webkul.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/webkul.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/webkul.com\/blog\/#organization","name":"WebKul Software Private 
Limited","url":"https:\/\/webkul.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png","contentUrl":"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png","width":380,"height":380,"caption":"WebKul Software Private Limited"},"image":{"@id":"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/webkul\/","https:\/\/x.com\/webkul","https:\/\/www.instagram.com\/webkul\/","https:\/\/www.linkedin.com\/company\/webkul","https:\/\/www.youtube.com\/user\/webkul\/"]},{"@type":"Person","@id":"https:\/\/webkul.com\/blog\/#\/schema\/person\/f94b8f53397bf85810761d76c98fadca","name":"Khushboo Sahu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/webkul.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cabac965df656d114e6bf340df07518c990eda03bb09265dbd5c17f1097adaae?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Feva.png&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cabac965df656d114e6bf340df07518c990eda03bb09265dbd5c17f1097adaae?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Feva.png&r=g","caption":"Khushboo 
Sahu"},"url":"https:\/\/webkul.com\/blog\/author\/khushboo-sahu062\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/374725","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/users\/249"}],"replies":[{"embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/comments?post=374725"}],"version-history":[{"count":5,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/374725\/revisions"}],"predecessor-version":[{"id":374867,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/374725\/revisions\/374867"}],"wp:attachment":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/media?parent=374725"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/categories?post=374725"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/tags?post=374725"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}