
elliotsawyer/anticlickjack
==========================

Template shim to prevent clickjacking on a SilverStripe website

Version 1.0.0 (6y ago), BSD-3-Clause. [Source](https://github.com/elliot-sawyer/anticlickjack) | [Packagist](https://packagist.org/packages/elliotsawyer/anticlickjack)

anticlickjack
=============


Actively combats an attempt to load your SilverStripe site through an iframe. This works as a fallback when used with `Security::frame_options = 'DENY'` and any X-Frame-Options headers sent by your webserver.

This is not an original idea - the attack and the sample code used to prevent it [have been available on the internet since 2008](https://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference). Clickjacking occurs when an attacker loads your website through an iframe and overlays that frame on an attack page. The iframe's opacity can be set to 0 and the frame positioned over an element on their page (such as a button) to trick the user into clicking it - the click is actually passed through to your site through the iframe.

A common mitigation is to set your server headers to deny loading from iframes completely, or to allow it only when the framing page originates from the same domain. This shim acts as a fallback if those headers are not in place, or your browser is too old or restricted to understand them - if a clickjack is detected, the host page will redirect to the URL defined on the iframe's `src` attribute.
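
An added example (not this module's own code) of the fallback described above, in the style of the long-published OWASP frame-breaking script: the page stays hidden behind a style element until a script confirms it is the top-level window, and otherwise the top window is sent to the framed URL. The element id `antiClickjack` and the function name are assumptions; `win` and `doc` are parameters so the logic can also run outside a browser.

```javascript
// Assumed markup, placed in <head> before this script:
//   <style id="antiClickjack">body { display: none !important; }</style>
// The id "antiClickjack" is hypothetical, chosen for this example.

function antiClickjack(win, doc) {
  const guard = doc.getElementById('antiClickjack');

  // Top-level load: self and top are the same window object.
  if (win.self === win.top) {
    // Not framed: remove the hiding rule so the page becomes visible.
    if (guard && guard.parentNode) {
      guard.parentNode.removeChild(guard);
    }
    return 'shown';
  }

  // Framed: replace the framing page with our own URL
  // (the URL the iframe's src pointed at).
  try {
    win.top.location = win.self.location.href;
    return 'redirected';
  } catch (e) {
    // The browser refused the navigation (for example a sandboxed iframe
    // without allow-top-navigation). The guard style is left in place, so
    // the framed copy stays invisible and there is nothing to click.
    return 'hidden';
  }
}

// Browser wiring: run immediately when loaded in a page.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  antiClickjack(window, document);
}
```

Because the body is hidden by default, a framing page that blocks the redirect still gets an invisible page rather than a clickable one; the response headers remain the primary control.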

installation
------------


`composer require elliotsawyer/anticlickjack`

usage
-----


Add this at the very end of your tags.

```

  ...

```

license
-------


Copyright 2019 Elliot Sawyer. Released under BSD-3

contributing
------------


Contributions are more than welcome! Please raise some issues or create pull requests on the GitHub repo.

support
-------


Need some extra help or just love my work? Consider shouting me a coffee or a small donation if this module helped you solve a problem. I accept cryptocurrency at the following addresses:

- Bitcoin: 12gSxkqVNr9QMLQMMJdWemBaRRNPghmS3p
- Bitcoin Cash: 1QETPtssFRM981TGjVg74uUX8kShcA44ni
- Litecoin: LbyhaTESx3uQvwwd9So4sGSpi4tTJLKBdz
- Ethereum: 0x0694E0704c70D8d178dd2e9522FC59EBBEe86748


