From 86e3f430296bba80fd49ef179b83912b07a47d49 Mon Sep 17 00:00:00 2001
From: Morten Tokle
Date: Tue, 28 Jun 2022 15:11:12 +0200
Subject: Add x-frame-options
---
 .../jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java | 1 +
 1 file changed, 1 insertion(+)
(limited to 'jdisc-security-filters/src')
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index 21edd1c8e10..24cd9245b61 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -18,5 +18,6 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
 response.setHeader("Pragma", "no-cache");
 response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
 response.setHeader("X-Content-Type-Options", "nosniff");
+ response.setHeader("X-Frame-Options", "DENY");
 }
 }
-- cgit v1.2.3
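Review bot: The added `X-Frame-Options: DENY` line covers framing only through the legacy header; the CSP `frame-ancestors` directive is its standardised replacement, and browsers that support it give it precedence, so the clickjacking defence is more durable with both in place. If no Content-Security-Policy is emitted elsewhere (the start of the filter method and any other filters are outside this hunk), consider adding `response.setHeader("Content-Security-Policy", "frame-ancestors 'none'");` next to it. If a policy is already emitted, the directive belongs inside that policy instead, because a second `setHeader` presumably replaces the existing value rather than merging with it. The commit touches only this one file, so a unit test asserting the header on a filtered response would also be worth adding.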