you are right. "Clickjackinghash" query string parameter is a part of our protection against clickjacking attacks. It is used only in several scenarios. We are just updating our security guide (Clickjacking protection) and these scenarios will be described in more details. I will let you know when it will be done.