Which security practice helps prevent Clickjacking attacks?
The X-Frame-Options header prevents your page from being embedded in iframes on unauthorized sites, which is the primary defense against Clickjacking attacks. Set it to 'DENY' to prevent any framing, or 'SAMEORIGIN' to allow framing only by pages from the same origin. Modern browsers also support the CSP frame-ancestors directive for more granular control.