Is it possible to set the X-FRAME-Options header in all Vaadin http responses. I am trying out a vaadin web application and checking it with OWASP ZAP and it comes up with the following error.
“X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.”
Is it possible to set this header to DENY so that it is set like this in all HTTP responses in the application?