Hi all,
Our IT auditor has performed a penetration test on our company intranet website, which is hosted on Apache Tomcat 5.5.34, Java version 1.6. They told us the website is suffering from Clickjacking attacks (https://www.owasp.org/index.php/Clickjacking), and the solution is to configure the web server to send X-FRAME-OPTIONS:DENY in the HTTP response header.

Bros, I would like to know if Tomcat can set this config? I have googled this issue, and I could only find articles on setting this option for Apache, but not Tomcat. Thanks everyone, and I hope some experts here can help me out.

Regards,
Jo