Clickjacking vulnerability in Minecraft.net and Mojang.com
Neither Minecraft.net nor Mojang.com set the HTTP X-Frame-Options header, and thus are vulnerable to UI redressing or "clickjacking" attacks. Some basic functions that might be particularly vulnerable are the "Reset Skin" button, and the "Rename Profile" button if the user uses a password manager. I don't have Realms, but I'd imagine the Realms control panel also has similar issues.
2015-12-22, 06:01 PM
2016-02-25, 01:16 PM
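A defender-side check for the missing header described in this report, as an added example that is not part of the original report: it classifies a response's anti-framing protection from its headers, covering both X-Frame-Options and the CSP `frame-ancestors` directive. The function names and the sample header sets are constructed for illustration, and the wildcard test is a heuristic.

```python
# Added example: classify anti-framing protection from response headers.
WILDCARDS = {"*", "http:", "https:"}  # sources that admit any embedding origin

def frame_ancestors(policy):
    """Source list of the first frame-ancestors directive, or None if absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [s.lower() for s in parts[1:]]
    return None

def framing_protection(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    policies, xfo = [], []
    for name, value in headers:
        key = name.strip().lower()
        if key == "content-security-policy":      # Report-Only is not enforced
            policies += value.split(",")
        elif key == "x-frame-options":
            xfo += [v.strip().upper() for v in value.split(",")]

    lists = [fa for fa in map(frame_ancestors, policies) if fa is not None]
    if lists:
        # When an enforced frame-ancestors exists, browsers ignore X-Frame-Options.
        # Every policy must pass, so one restrictive list is enough.
        if any(not (WILDCARDS & set(fa)) for fa in lists):
            return True, "CSP frame-ancestors restricts embedding"
        return False, "CSP frame-ancestors allows any origin"
    if "DENY" in xfo or "SAMEORIGIN" in xfo:
        return True, "X-Frame-Options restricts embedding"
    if xfo:
        return False, "X-Frame-Options value not honoured: " + ", ".join(xfo)
    return False, "no X-Frame-Options or CSP frame-ancestors header"

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "obsolete allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp wildcard overrides xfo": [("Content-Security-Policy", "frame-ancestors *"),
                                   ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```

Feed it the header pairs from any HTTP client's response object; pages that perform state-changing actions on a click are the ones where a `False` result matters most.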