Preventing Clickjacking and Writing Code to Prevent Clickjacking

Go to solution Solved by paul2009,

Site URL: http://thecoalyardcafe

We are a small cafe that uses TSYS to accept credit card payments from customers and our web page was created through Squarespace. Every quarter, we are subjected to TSYS PCI compliance to ensure that our credit card system is secure. For the very first time, we did not pass compliance this quarter because our website is vulnerable to "clickjacking." I am not a web designer or programmer so I do not know how to go about fixing this problem. I read several online blogs and watched a number of YouTube videos and if I understand correctly, I need to write some code that says, "X-Frame-Options-Deny" or "X-Frame-Options-Sameorigin" for each of the links I have in our webpage (history, drinks, entrees, and anywhere else you can link on the webpage). What are the steps to write code in a Squarespace webpage/domain? Is anyone familiar with "clickjacking" and can help us resolve this problem? We would greatly appreciate it. Thanks!

  • Solution
1 hour ago, maryt6886 said:

We are a small cafe that uses TSYS to accept credit card payments from customers and our web page was created through Squarespace. For the very first time, we did not pass compliance this quarter because our website is vulnerable to "clickjacking."

I don't fully understand your question because Squarespace websites do not require independent PCI compliance testing and their sites do not use TSYS for payment processing.

Can you explain a little more? Are you taking orders via the website?

Regarding clickjack protection, this can be enabled in Settings > Advanced > Website Protection. This setting protects your site and visitors from UI redress attacks (also known as clickjacking), which are attempts to trick visitors into clicking a link that takes action on another, hidden site.

About me: I've been a SQSP User for 18 yrs. I was invited to join the Circle when it launched in 2016. I have been a Circle Leader since 2017. I don't work for Squarespace. I value honesty, transparency, diversity and good design ♥.
Work: I founded and run SF.DIGITAL, building Squarespace Extensions to supercharge your commerce website. 
Content: Views and opinions are my own. Links in my posts may refer to SF.DIGITAL products or may be affiliate links.
Forum advice is free. You can thank me by clicking one of the feedback emojis below. Coffee is optional.
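
Added example, not part of the thread and not Squarespace code: a Python check for confirming, after the setting above is enabled, that a page's response headers actually carry framing protection of the kind the compliance scan looks for. The function names and the sample headers are constructed for illustration.

```python
# Added example (not from the thread): classify clickjacking protection from response headers.
BROAD_SOURCES = {"*", "http:", "https:"}  # frame-ancestors sources that match any site


def parse_frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_protection(headers):
    """Return (protected, findings) for a dict of response header name -> value."""
    h = {name.lower(): value for name, value in headers.items()}
    findings, protected = [], False

    xfo = h.get("x-frame-options")
    if xfo is not None:
        values = {v.strip().upper() for v in xfo.split(",")}
        if values in ({"DENY"}, {"SAMEORIGIN"}):
            protected = True
            findings.append("X-Frame-Options: " + values.pop())
        else:
            # ALLOW-FROM is obsolete; anything else here needs manual review.
            findings.append("X-Frame-Options value needs review: " + xfo)

    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # Browsers that support frame-ancestors use it instead of X-Frame-Options.
        protected = not (BROAD_SOURCES & set(ancestors))
        findings.append("CSP frame-ancestors: " + (" ".join(ancestors) or "(empty, same as 'none')"))

    if not findings:
        findings.append("no X-Frame-Options or frame-ancestors header present")
    return protected, findings


if __name__ == "__main__":
    # Constructed sample responses; for a live site use urllib.request.urlopen(url).headers.
    samples = [
        {"X-Frame-Options": "SAMEORIGIN"},
        {"X-Frame-Options-Deny": "1"},  # the directive must be the header's value, not its name
        {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
    ]
    for sample in samples:
        print(sample, "->", framing_protection(sample))
```

The header is sent by the web server with each page response, so it is checked per response rather than per link on the page.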
