I saw that, but I took the path of least resistance. The method I mentioned was sufficient to pass the tinfoilsecurity.com test.
To tinfoils's credit, they provided three references on Clickjacking, one of which is the website you suggested. Original Message From: c0nw0nk Sent: Thursday, September 22, 2016 1:34 PM To: [email protected] Reply To: [email protected] Subject: Re: (Semi-OT) Clickjacking countermeasure https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet Inside your <head> </head> tags. <style id="antiClickjack">body{display:none !important;}</style> <script type="text/javascript"> if (self === top) { var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { top.location = self.location; } </script> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269763,269773#msg-269773 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
