Setting X-Frame-Options header in Vaadin HTTP responses

Is it possible to set the X-FRAME-Options header in all Vaadin http responses. I am trying out a vaadin web application and checking it with OWASP ZAP and it comes up with the following error.

“X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.”

Is it possible to set this header to DENY so that it is set like this in all HTTP responses in the application?

If you cannot configure your server to add these automatically, perhaps the HeaderTags add-on would help (though I haven’t tested it myself) - see!addon/headertags