Clickjacking is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer when they click on seemingly innocuous web pages.
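A clickjack takes the form of embedded code or a script that executes without the user's knowledge; for example, clicking a button performs a different function from the one the user expects.
To configure an Internet Information Services (IIS) server to send the X-Frame-Options header with the value SAMEORIGIN, which allows pages to be framed only by pages from the same origin:
- On the OSCE server, open Command Prompt with administrative privileges.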
- Execute the following command:
"C:\Windows\System32\inetsrv\appcmd.exe" set config "OfficeScan" -section:httpProtocol "/+customHeaders.[name='X-Frame-Options',value='SAMEORIGIN']"
- Close the command window.
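To confirm that responses carry the header after the change, the response head can be audited. The following is an added example, not part of the original article or the product's documentation; the function names, status labels and sample responses are constructed for illustration.

```python
# Added example: audit the X-Frame-Options header in a raw HTTP response head.
# The sample responses below are constructed, not captured from a real server.

def xfo_values(raw_response):
    """Return every X-Frame-Options value found in the response head, lowercased."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # The header may be repeated or carry a comma-separated list,
            # e.g. when both the site config and the application set it.
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    return values

def audit(raw_response):
    """Classify the framing policy: missing, sameorigin, deny, conflict, unrecognised."""
    distinct = set(xfo_values(raw_response))
    if not distinct:
        return "missing"        # no header: any site can frame the page
    if len(distinct) > 1:
        return "conflict"       # header set in more than one place with different values
    value = distinct.pop()
    if value in ("sameorigin", "deny"):
        return value            # a recognised protective value
    return "unrecognised"       # e.g. the obsolete ALLOW-FROM form

SAMPLE_BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                 "\r\n<html></html>")
SAMPLE_AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                "X-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>")
SAMPLE_CONFLICT = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
                   "X-Frame-Options: DENY\r\n\r\n")
SAMPLE_OBSOLETE = ("HTTP/1.1 200 OK\r\n"
                   "X-Frame-Options: ALLOW-FROM https://portal.example\r\n\r\n")

if __name__ == "__main__":
    for label, sample in [("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER),
                          ("conflict", SAMPLE_CONFLICT), ("obsolete", SAMPLE_OBSOLETE)]:
        print(label, "->", audit(sample))
```

A result of "conflict" after running the command suggests the header is also being set elsewhere, for example by the application itself or by running the command against a site that already had the header.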