Automatically detecting missing HSTS with Python

Here, we will look at an approach for identifying whether a website is missing HTTP Strict Transport Security (HSTS). We will use a simple Python script that checks whether the Strict-Transport-Security header is present in the response returned by the application. We will name the script HSTS_detector.py and put the following content in it:
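
An added example of such a check, written for this page; it is not the book's HSTS_detector.py listing, which does not appear here. It goes slightly beyond presence detection by also flagging a policy that is present but ineffective (`max-age=0`, a short lifetime, or delivery over plain HTTP). The function names and the 180-day `MIN_MAX_AGE` floor are assumptions.

```python
# Added example, not the book's HSTS_detector.py; pass the target URL as argv[1].
import sys
import urllib.error
import urllib.request

MIN_MAX_AGE = 15552000  # assumed policy floor (180 days), not a value from the book


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def evaluate(scheme, hsts_values):
    """Findings for the first HSTS header, the one browsers process; [] means sound."""
    if not hsts_values:
        return ["missing: no Strict-Transport-Security header in the response"]
    findings = []
    if scheme != "https":
        findings.append("ignored: browsers discard HSTS received over plain HTTP")
    max_age = parse_hsts(hsts_values[0]).get("max-age")
    if not (max_age and max_age.isascii() and max_age.isdigit()):
        findings.append("invalid: max-age directive is absent or not a number")
    elif int(max_age) == 0:
        findings.append("disabled: max-age=0 tells the browser to drop the policy")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append(f"weak: max-age={max_age} is below {MIN_MAX_AGE}")
    return findings


def fetch_hsts(url):
    """Fetch url; return (scheme of the final URL, list of HSTS header values)."""
    try:
        resp = urllib.request.urlopen(url, timeout=10)
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry headers
        resp = err
    scheme = resp.url.split(":", 1)[0].lower()
    return scheme, resp.headers.get_all("Strict-Transport-Security") or []


if __name__ == "__main__":
    # Without a URL argument, evaluate a constructed response that has no HSTS header.
    target = fetch_hsts(sys.argv[1]) if len(sys.argv) > 1 else ("https", [])
    print("\n".join(evaluate(*target)) or "HSTS policy present and adequate")
```

Redirects are followed, so the result describes the final response; a site that only answers over plain HTTP is reported as missing the header.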

Let's run the script and see whether the DVWA application is protected by HSTS or not:
