Merge pull request #23265 from vespa-engine/mortent/update-security-headers

Add x-frame-options
author: Morten Tokle <mortent@yahooinc.com> 2022-06-28 23:19:20 +0200
committer: GitHub <noreply@github.com> 2022-06-28 23:19:20 +0200
commit: 1dff254213b5977d1196e0160de82a582a623a72 (patch)
tree: 71280575f5841b78b141359e5407911e6933d0bb
parent: 28863e5e37882c33f4127cd1ef83204584149766 (diff)
parent: 86e3f430296bba80fd49ef179b83912b07a47d49 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index 21edd1c8e10..24cd9245b61 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -18,5 +18,6 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
         response.setHeader("Pragma", "no-cache");
         response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
         response.setHeader("X-Content-Type-Options", "nosniff");
+        response.setHeader("X-Frame-Options", "DENY");
     }
 }
author	Morten Tokle <mortent@yahooinc.com>	2022-06-28 23:19:20 +0200
committer	GitHub <noreply@github.com>	2022-06-28 23:19:20 +0200
commit	1dff254213b5977d1196e0160de82a582a623a72 (patch)
tree	71280575f5841b78b141359e5407911e6933d0bb
parent	28863e5e37882c33f4127cd1ef83204584149766 (diff)
parent	86e3f430296bba80fd49ef179b83912b07a47d49 (diff)