Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

CssImport when using Component Exporter by Mikhail Shabarov, 4 weeks ago
Recent Posts
Vaadin Forum3. Vaadin 6, 7, 8

Setting X-Frame-Options header in Vaadin HTTP responses

John Melody
5 years ago Feb 09, 2017 9:57am

Is it possible to set the X-FRAME-Options header in all Vaadin http responses. I am trying out a vaadin web application and checking it with OWASP ZAP and it comes up with the following error.

"X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks."

Is it possible to set this header to DENY so that it is set like this in all HTTP responses in the application?

Henri Sara
5 years ago Feb 17, 2017 7:14am

If you cannot configure your server to add these automatically, perhaps the HeaderTags add-on would help (though I haven't tested it myself) - see https://vaadin.com/directory#!addon/headertags .