Yes, you need it on every page, or it's pointless -- if a given page is unprotected, then a malicious actor can put it in a frame and do whatever he or she wants to it, including, say, making it look like a checkout form.
The easiest way to do this will be to put it in an external script that you load for each page; don't put the script itself in each page. If you have any kind of template system, it's even easier; just add it once to your header file.