This is a simple test for the X-FRAME-OPTIONS header supported by new browsers to avoid clickjacking attacks. You should see two green boxes on the right and no red boxes on the left. If you see red boxes on the left, your browser is vulnerable to clickjacking.

You shouldn't see stuff in here:


You should see stuff in here:



Background info

Clickjacking is a security problem in web applications that works by tricking the user into clicking on a button inside an iframe that is placed via JavaScript under their mouse cursor. Without browser support, it's hard to avoid this problem, so various browser vendors implemented a new header, X-FRAME-OPTIONS, that allows web applications to define whether they're allowed to be shown inside a frame.

The clickjacking protection has been implemented in Safari, Opera, Internet Explorer, Chrome, Firefox, Android browser, rekonq and others. Konqueror still lacks it and places its users at risk.
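The decision a supporting browser makes for each framed response can be modelled in a few lines. This is an added example, not code from this test page: the function names and the example.test URLs are constructed, it considers only the direct parent page, and it assumes an unrecognised header value is treated as if the header were absent.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))

def xfo_values(headers):
    """Collect all X-Frame-Options tokens; the header name is case-insensitive
    and one header line may carry several comma-separated values."""
    tokens = []
    for name, value in headers:
        if name.lower() == "x-frame-options":
            tokens += [t.strip().upper() for t in value.split(",") if t.strip()]
    return tokens

def framing_allowed(headers, parent_url, framed_url):
    """Decide whether framed_url may render inside a frame on parent_url.

    headers is the list of (name, value) pairs sent with the framed response.
    """
    values = xfo_values(headers)
    if not values:
        return True    # no header: any site may frame the page
    if "DENY" in values:
        return False   # never rendered in a frame, even on its own site
    if "SAMEORIGIN" in values:
        return origin(parent_url) == origin(framed_url)
    return True        # assumption: unrecognised value is ignored

if __name__ == "__main__":
    # Constructed sample: an attacker page framing a target application.
    parent = "https://attacker.example.test/game.html"
    target = "https://app.example.test/transfer"
    for hdrs in ([], [("X-Frame-Options", "DENY")],
                 [("x-frame-options", "sameorigin")]):
        shown = framing_allowed(hdrs, parent, target)
        print(hdrs, "->", "frame rendered" if shown else "frame blocked")
```

A response without the header is the only case in the sample run where the frame is rendered, which corresponds to the situation this test reports as vulnerable.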

Hanno Böck

CC0