I serve no ads. I even pulled my piwik so that my sites can be surfed with no script.
Can you clickjack an encrypted page? How would the browser handle two certs?

  Original Message
From: c0nw0nk
Sent: Thursday, September 22, 2016 1:57 PM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: (Semi-OT) Clickjacking countermeasure

If you read the OWASP page, it also mentions header stripping etc. and proxies that will remove the X-Frames headers. There is no real way to stop proxies framing your site, but the X-Frame-Options combined with that JavaScript is a good way to start; it will stop the majority.

Also, breaking their proxies is what I like to do. For example, I combine it with not allowing people to browse with JavaScript disabled. (This is good for adverts too, since ads use JavaScript, so why would you let people browse with JavaScript disabled?)

<head>
<noscript><meta http-equiv="refresh" content="0; URL=//www.networkflare.com/error.html"/></noscript>
</head>

There are some proxies that will still get through, for example this one shows persistence, but block their IPs and problem solved: https://www.hidemyass.com/proxy

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269763,269776#msg-269776

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
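
Added example, not part of either message above: a site owner's check of which anti-framing headers actually reach a client, covering the X-Frame-Options header discussed in the thread plus the Content-Security-Policy frame-ancestors directive that supersedes it. The function names and the header sets in SAMPLES are constructed for illustration.

```python
# Added example: classify the anti-framing headers a client actually receives.
# Function names are illustrative; SAMPLES holds constructed header sets.
OPEN_SOURCES = {"*", "http:", "https:"}  # frame-ancestors sources that allow any site

def frame_ancestors(headers):
    """Return one source list per CSP policy that carries frame-ancestors."""
    found = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy in value.split(","):          # one header may carry several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    found.append([p.lower() for p in parts[1:]])
    return found

def framing_verdict(headers):
    """headers: list of (name, value) pairs. Returns (verdict, reason)."""
    policies = frame_ancestors(headers)
    if policies:
        # Browsers that honour frame-ancestors ignore X-Frame-Options entirely.
        if any(not (set(p) & OPEN_SOURCES) for p in policies):
            return "protected", "frame-ancestors restricts embedding"
        return "unprotected", "frame-ancestors allows any origin"
    xfo = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(","))
    if xfo & {"DENY", "SAMEORIGIN"}:
        return "protected", "X-Frame-Options " + "/".join(sorted(xfo))
    if any(v.startswith("ALLOW-FROM") for v in xfo):
        return "weak", "ALLOW-FROM is obsolete and ignored by current browsers"
    if xfo:
        return "unprotected", "unrecognised X-Frame-Options value"
    return "unprotected", "no anti-framing header arrived (absent or stripped in transit)"

SAMPLES = {  # constructed responses: direct from origin vs. seen through an intermediary
    "direct": [("X-Frame-Options", "SAMEORIGIN"), ("Content-Type", "text/html")],
    "headers stripped": [("Content-Type", "text/html")],
    "obsolete value": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "open CSP overrides XFO": [("X-Frame-Options", "DENY"),
                               ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", framing_verdict(hdrs))
```

Running the same check on a response fetched directly and on one fetched through an intermediary shows whether the header was removed in transit.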