Check whether your site can be embedded in an iframe on another website — the basis of clickjacking attacks.
Clickjacking attacks embed your site in a transparent iframe and overlay fake UI elements to trick users into clicking buttons or links they cannot see.
Protection requires X-Frame-Options: DENY and/or Content-Security-Policy: frame-ancestors 'none'.
Want a full security audit across 18+ checks? Run a full site scan →