
Showing posts from August, 2017

Hootsuite - Breaking it's framebusting code

I noticed that Hootsuite had no protection against clickjacking, so I tested whether it was vulnerable to that attack, and it was. After I submitted the report they immediately deployed a fix:

The JavaScript framebusting code above breaks ordinary framing code, e.g. <iframe src="hootsuite.com" width="500" height="500"></iframe>. Even the double-framing strategy (inserting the first frame into a second frame) won't work against it.

(src: OWASP Defense Sheet)

So, how do we break it? A write-up by Paulos Yibelo on Facebook clickjacking gave me an idea.

The bypass script and the output:

Thanks for taking time to read. To God be the glory.
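As an added example (not code from the original post or from Hootsuite), here is a small Python audit of the header-based framing controls, X-Frame-Options and CSP frame-ancestors, which are the defences a script-only framebuster like the one above is a weaker substitute for. The header sets it inspects are constructed samples, not captured responses.

```python
"""Classify a response's framing (clickjacking) protection from its headers.

Added example; the header dictionaries below are constructed for illustration.
"""
from typing import Dict, List


def _csp_frame_ancestors(csp: str) -> List[str]:
    """Return the source list of the frame-ancestors directive, or [] if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return []


def assess_framing_protection(headers: Dict[str, str]) -> Dict[str, object]:
    """Report whether cross-origin framing is blocked and by which header.

    Browsers that support frame-ancestors give it precedence over
    X-Frame-Options, so CSP is evaluated first. JavaScript framebusting is
    not visible in headers and is deliberately not counted as protection.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = _csp_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors:
        if "*" in ancestors:  # wildcard: any origin may frame the page
            return {"protected": False, "mechanism": "csp", "allowed": ["*"]}
        if ancestors == ["none"]:
            return {"protected": True, "mechanism": "csp", "allowed": []}
        return {"protected": True, "mechanism": "csp", "allowed": ancestors}
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return {"protected": True, "mechanism": "xfo", "allowed": []}
    if xfo == "SAMEORIGIN":
        return {"protected": True, "mechanism": "xfo", "allowed": ["self"]}
    # ALLOW-FROM is obsolete and ignored by modern browsers; treat any other
    # value, or no header at all, as unprotected.
    return {"protected": False, "mechanism": None, "allowed": ["*"]}


# Constructed sample header sets (not real captures).
NO_PROTECTION = {"Content-Type": "text/html"}
XFO_ONLY = {"X-Frame-Options": "SAMEORIGIN"}
CSP_DENY = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}
CSP_PARTNER = {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"}

if __name__ == "__main__":
    for name, hdrs in [("none", NO_PROTECTION), ("xfo", XFO_ONLY),
                       ("csp-deny", CSP_DENY), ("csp-partner", CSP_PARTNER)]:
        print(name, assess_framing_protection(hdrs))
```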