Webmaster. Feedback


Clickjacking is a hacking trick used to get user's personal information without them being aware of it.

Visitors on a site that uses clickjacking may unwittingly subscribe to a social network or “like” a clip. The site can then automatically determine what the user's account is, so that the owner can exploit the user's personal information. For example, phone numbers can be used to make annoying sales calls.

Typically, clickjacking is implemented by creating invisible elements on top of buttons, forms, videoclips, etc. These invisible elements may even move along with the cursor on the page. Usually special services are used to implement this mechanism.

Yandex found this violation on my site. How can I fix it?

You will need to get rid of any clickjacking elements. You don't have to refuse a service wholesale if it offers clickjacking along with other techniques. Just refuse to clickjack. However, please note that clickjacking is a form of malicious hacking and you might want to consider if services that offer this technique are trustworthy. If you want to ensure that your site faces no restrictions, then we recommend refusing any services that implement clickjacking.

After deleting the corresponding code from your site, click I've fixed everything in the Violations section in Yandex.Webmaster. This way the bot will know that you've made changes.


The I've fixed everything feature is available once per month for each individual site. Keep this in mind and only click it when you're absolutely sure that you've taken care of all the violations present on your site.

If several people have management rights to your site, a specific person should be delegated to re-send the site for checking at a particular time. None of the admins will be able to use the button again for a month.

I deleted everything. When will the restrictions be removed?

Restrictions are usually lifted within two weeks after the problem has been fixed. If clickjacking is found on your site a second time, the restrictions may be enforced for a longer time period.

I'm sure that there is no clickjacking on my site. What should I do?

Click I've fixed everything. If there really is no clickjacking on your site, then the restrictions will be lifted.

I don't understand this stuff. Where would I find this code? On what pages?

Clickjacking can be implemented in different ways. It is usually found on services that the site uses, rather than on the sites themselves. For example, on the feedback system.

Try to recall what third-party services you use on your site and get in touch with their tech support departments.

I've done all this, but the restrictions haven't been lifted

Make sure that you don't have any programming code on your site that could be used to clickjack. It might be the case that your site uses a few different services that provide clickjacking technology.

Also check that enough time has passed (more than two weeks) since you clicked the button. If this isn't the case, it's possible that our algorithms haven't had time to track your site changes. You can also write to Support and we will try to answer your questions as quickly as possible.

Rate this article
Thank you for your feedback!