Developer.com content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
The newest version of Firefox 3.6.9 now supports the X-Frame-Options HTTP response header to prevent clickjacking attacks.
Web site owners can configure their Web servers to send a special header that tells the browser to not embed the page inside another Web site’s content.
“When an attempt is made to load content into a frame, and permission is denied by the X-Frame-Options header, Firefox currently renders about:blank into the frame. At some point, an error message of some kind will be displayed in the frame instead,” according to the Mozilla document on X-Frame-Options response header.
In June, several hundred thousand Facebook users fell victim to a clickjacking attack.
