Implement security headers (CSP, X-Frame-Options, etc)
Description
Our page could be easily protected against clickjacking by applying the needed html headers.
Impact
all users
Proposal
Content-Security-Policy: frame-ancestors 'none'
X-Frame-Options: DENY
Links / references
https://infosec.mozilla.org/guidelines/web_security#x-frame-options
https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options
Edited by Nick Sellen
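A check for the two headers proposed above, as an added example that is not part of the original issue or the project's code. The function names and the sample header lists are hypothetical and constructed for illustration. It reports whether a response's headers actually enforce the proposed framing policy, including cases where a header is present but has no effect.

```python
def parse_csp(value):
    """Split a Content-Security-Policy value into policies (directive -> sources)."""
    policies = []
    for raw_policy in value.split(","):  # a comma separates whole policies
        policy = {}
        for directive in raw_policy.split(";"):
            tokens = directive.split()
            if tokens:
                # A repeated directive is ignored: the first occurrence wins.
                # Sources are lower-cased only to classify the keywords.
                policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
        policies.append(policy)
    return policies

def classify_csp(headers):
    # Only the enforcing header counts; the -Report-Only variant blocks nothing.
    lists = [p["frame-ancestors"]
             for name, value in headers if name.lower() == "content-security-policy"
             for p in parse_csp(value) if "frame-ancestors" in p]
    if not lists:
        return "missing"  # frame-ancestors does not fall back to default-src
    if any(s in ([], ["'none'"]) for s in lists):
        return "deny"  # every policy is enforced, so one 'none' blocks all framing
    return "same-origin" if all(s == ["'self'"] for s in lists) else "allow-list"

def classify_xfo(headers):
    values = {v.strip().upper()
              for name, value in headers if name.lower() == "x-frame-options"
              for v in value.split(",")}
    if not values:
        return "missing"
    if len(values) > 1:
        return "conflicting"
    value = values.pop()
    # Anything else, such as the obsolete ALLOW-FROM, is reported as invalid.
    return value if value in ("DENY", "SAMEORIGIN") else "invalid"

def audit(headers):
    csp, xfo = classify_csp(headers), classify_xfo(headers)
    return {"csp": csp, "xfo": xfo, "matches_proposal": csp == "deny" and xfo == "DENY"}

# Constructed sample responses (not captured from the real site).
PROPOSED = [("Content-Security-Policy", "frame-ancestors 'none'"),
            ("X-Frame-Options", "DENY")]
WEAK = [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'"),
        ("Content-Security-Policy", "default-src 'none'"),
        ("X-Frame-Options", "ALLOW-FROM https://example.org")]

if __name__ == "__main__":
    print(audit(PROPOSED))
    print(audit(WEAK))
```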