Clickjacking defense

Clickjacking was covered in Chapter 5, Attacking Authentication, and is the technique where an attacker tricks a user into clicking on something other than what they believe they are clicking on. One of the best ways to protect against clickjacking is by running the NoScript extension for Firefox or Chrome browsers. This prevents unauthorized code from running in your web browser. NoScript can detect unauthorized scripts, alert the user to the script, and prevent it from running. Users can turn off scripting controls globally, per session, or per website.

The authors of this book are big fans of NoScript; however, you should encourage web developers to set the X-Frame-Options header in HTTP responses ...
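As an added example (not from the book), the following checker evaluates whether a set of HTTP response headers carries a framing defense. It inspects X-Frame-Options as the text recommends and, going a step beyond the text, also recognizes the Content-Security-Policy frame-ancestors directive that supersedes it in current browsers; the sample responses are constructed for illustration.

```python
"""Audit HTTP response headers for clickjacking (framing) protection."""
from typing import Dict, Tuple

VALID_XFO = {"DENY", "SAMEORIGIN"}


def check_frame_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason) for one response's headers.

    Header names are matched case-insensitively, as HTTP requires.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors takes precedence over X-Frame-Options when present.
    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if not sources or "*" in sources:
                return False, "CSP frame-ancestors allows any origin"
            return True, "CSP frame-ancestors " + " ".join(parts[1:])

    xfo = lower.get("x-frame-options")
    if xfo is None:
        return False, "no X-Frame-Options or frame-ancestors header"
    value = xfo.strip().upper()
    if value in VALID_XFO:
        return True, "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return False, "ALLOW-FROM is obsolete and ignored by modern browsers"
    return False, "unrecognized X-Frame-Options value %r" % xfo


# Constructed sample responses (hypothetical sites, not real targets).
SAMPLE_RESPONSES = {
    "login-page": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "dashboard": {"content-type": "text/html", "x-frame-options": "sameorigin"},
    "legacy-app": {"Content-Type": "text/html"},
    "partner-embed": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp-site": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
}


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[bool, str]]:
    """Run the check over every sample response and collect the verdicts."""
    return {name: check_frame_protection(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, (ok, why) in audit(SAMPLE_RESPONSES).items():
        print("%-14s %s  (%s)" % (name, "protected" if ok else "UNPROTECTED", why))
```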
