Is it okay to only provide clickjacking protection on the login page?
I have a question about Clickjacking.
The question is quite simple. Imagine a login flow like this:
You visit the application login page, eg https://example.com/login.html. There is no Clickjacking protection (i.e. the X-… Continue reading Is it okay to only provide clickjacking protection on the login page?