I. Introduction
Clickjacking attack was introduced by Robert Hansen and Jeremiah Grossman in 2008, to steal user initiated mouse clicks to perform actions that the user is not interested in. The attacker achieves the goal by choosing a clickable region on a web page e.g. the region where the login button on the webpage is located and user is asked to enter his or her username and password. On clicking, malicious web page loads from the website inside an iframe, which makes use of Cascading Style Sheets (CSS) to hide all the content on the website except the targeted region. In that region, Clickjacking is used to trick the user on the button or routing him to another web page. It may be transparent or overlapped by another element on the website. Technically, both the JavaScript and CSS are used to place the iframe under the mouse cursor to make user click in the targeted region resulting a malicious action the attacker is intended to do [1]. The vulnerability can occur in all the browsers to embed the code or a script of Clickjacking, which executes without the user's knowledge. Clickjacking attack can cause several threats like stealing personal data such as bank account information, credit card information and social security numbers or installing software applications on a computer.