Recently a was working on X-Frame-Options and discovered that Tomcat 7 and 8 doesn't support that solution for Clickjacking security. One of the solution is to hide Tomcat behind Apache , but it can't be done. Is there anyone who knows if there are any plans to implement it eg. as a tag in server.xml file ? Thanks for your attention
- X-Frame-Options header Dariusz Gorczyca
- Re: X-Frame-Options header Mark Thomas
- Re: X-Frame-Options header Christopher Schultz
