I have Tomcat 8.0.12 installed on a Centos 7 server and I am trying to set the "X-Frame-Options" to tighten security. I do not see it in web.xml or server.xml. Is there somewhere else to set it? Does 8.0.12 not support this?
Thanks!
1 Answer
What you want is the HTTP Header Security Filter but this wasn't introduced until 8.0.23.
Further, Tomcat 8.0.x reached end of life over a year ago and is no longer supported. You should upgrade to 8.5.x or, better still, 9.0.x.
When you have a Tomcat version that supports the HTTP Header Security Filter you can configure it in your web application's web.xml.
1