🔒 Clickjacking (Click Hijacking):

• The attacker tricks you into clicking on something without realizing what you're actually clicking.
• For example, they might hide a "Delete Account" button under a harmless-looking button like "Play Video".
• So you perform the action unknowingly, but it's still you who clicked the button.

🔒 CSRF (Cross-Site Request Forgery):

• In this case, the attacker sends a fake request to a website on your behalf—for example, to transfer money or change your email.
• You don’t click anything related to the attack, but it works because you’re already logged in, and the website thinks the request is coming from you.
• No interaction is needed from your side, it just uses your active session to perform the action.

✅ Key Difference:

• Clickjacking = You are tricked into clicking.
• CSRF = You don’t click; the attacker forges the request without you knowing.