In December 2015, Yandex introduced an algorithm that downgraded sites using clickjacking technology in search results. We received a lot of questions about how this algorithm works, and today we want to talk more about it:
1. The algorithm makes a decision based on the analysis of site data that it receives within a limited period of time. Thus, the triggering of the algorithm cannot be associated with actions on the site that were carried out 2 weeks or, moreover, a month ago - the decision is made only on the basis of current data.
2. Clickjacking is detected solely by the fact of its actual use on the site, and not by the presence of a corresponding inactive code. If the site uses a third-party service with this technology, then you should be wary of restrictions only after activating the clickjacking code.
In the graph below, you can see that after the restrictions were announced on many sites, the clickjacking code was disabled, but then, alas, webmasters began to try to enable it back.
3. Many websites do not implement clickjacking technology themselves, but receive it as part of third-party services, such as "improving sales". Often the webmaster does not even suspect that his site uses clickjacking. Please note: it is the sites that have used clickjacking that will be lowered in the search results, and not the sites of the services that provided them with this deceptive technique.
4. In total, over 15,000 sites that used clickjacking and about 50 services that provided such opportunities to client sites were discovered during the algorithm's operation.
What you need to consider in order not to get into an unpleasant situation:
Be careful when choosing the service whose code you plan to place on the site. The following should be of particular concern:
- user identification in social networks;
- providing information that the user does not indicate independently on your site;