< All topics


A browser-based attack vector that leverages multiple transparent layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. This technique can be used by a malicious actor to bypass cross-site request forgery tokens and execute actions in the context of the authenticated user, as if the user was executing the actions themselves.

Table of contents
Shopping cart