🔒 Surf Clickjacking Protection Test Page

Test clickjacking detection and protection features. Enable your extension and try the tests below.

Test 1: Vulnerable Page (No Frame Protection)

This page has NO X-Frame-Options or CSP frame-ancestors headers.

⚠️ Vulnerable: This page can be embedded in any iframe

Expected: Your extension should detect this as a clickjacking risk when embedded.

Test 2: Protected Page (X-Frame-Options: DENY)

This page has X-Frame-Options: DENY header.

✅ Protected: This page cannot be embedded

Expected: Browser should block embedding, extension should not trigger alert.

Test 3: Cross-Origin Embedding Test

Test embedding a page from a different origin.

Enter URL to embed:

Test 4: Frame-Busting Detection

Test detection of pages that try to break out of frames.

Test 5: Real-World Test Sites

Test with actual websites:

Recommended Test Sites:
• https://example.com - Usually allows embedding
• https://httpbin.org/headers - Shows headers
• https://www.google.com - Usually protected (DENY)
• https://github.com - Usually protected
• https://stackoverflow.com - Usually protected