HTML, Javascript, CSS based, environmentless site (no webserver needed, it1s just a html file. Open with your browser.)
Note that this script does a real check in your browser. That means, it may work differently in another browser - especially in older ones.
Check:
- Cross origin (Can I read the site? If yes, you are also able to read any sensitive data from the user's account)
- X-Frame-Options (can I load site to an iframe - if yes, vulnerable to clockjacking)
Another fancy, command line clickjacking tester I found: https://github.com/D4Vinci/Clickjacking-Tester