Question

I need to add clickjacking protection to a website. I know this can be done in IIS by setting the X-Frame option for newer browsers. For older browsers, I know you need to add a frame buster - which is some JavaScript etc.

Here is my main question: If you have to add the JavaScript for the frame busters for the older browsers - do you have to add it to EVERY single HTML page in your website? My website has A LOT of different HTML pages etc. Just need a good opinion.

Solution

Yes, you need it on every page, or it's pointless -- if a given page is unprotected, then a malicious actor can put it in a frame and do whatever he or she wants to it, including, say, making it look like a checkout form.

The easiest way to do this will be to put it in an external script that you load for each page; don't put the script itself in each page. If you have any kind of template system, it's even easier; just add it once to your header file.
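
An external frame-buster script of the kind the answer describes, as an added example that is not part of the original answer. The file name `framebuster.js`, its path and the function name `protectFromFraming` are assumptions for illustration; it uses the common hide-then-reveal pattern so a framed page stays invisible even when the top-level redirect is blocked.

```javascript
// framebuster.js (hypothetical name): reference it once from the shared header
// template so every page loads it, e.g. <script src="/js/framebuster.js"></script>
// inside <head>, before any page content is rendered.
function protectFromFraming(win) {
  var doc = win.document;

  // Hide the page first, so a framed copy offers nothing to click on
  // even if the redirect further down is blocked by the framing page.
  var style = doc.createElement('style');
  style.id = 'antiClickjack';
  style.textContent = 'body{display:none !important;}';
  doc.head.appendChild(style);

  var framed;
  try {
    framed = win.self !== win.top;
  } catch (e) {
    framed = true; // any error while comparing is treated as "framed"
  }

  if (!framed) {
    // Top-level document: reveal the page again.
    doc.head.removeChild(style);
    return 'shown';
  }

  try {
    // Framed: try to replace the framing page with this page.
    win.top.location = win.self.location.href;
  } catch (e) {
    // Navigation refused (for example a sandboxed iframe): stay hidden.
  }
  return 'hidden';
}

// Runs automatically in a browser; skipped when loaded outside one.
if (typeof window !== 'undefined') {
  protectFromFraming(window);
}
```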

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow