I am trying to prevent clickjacking for an application that does not use any iframes. On reading I understand that the X-Frame-Options should be set to deny. However, I am not sure how to go about doing it?
Should a Filter be created? Or is it done in a javscript? ] This application has several controllers? Would the controllers have to add the header to the response?