How to set HTTP Headers like X-Frame-Options in EAP 7?

Solution Verified - Updated -

Issue

  • X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks
  • We recently had a penetration test done of your JBoss EAP 7 systems and the issue of XSS protection was raised
  • We need to add http response headers to fix QID-11827
  • How to configure headers separately for each application context in case of multiple applications are deployed in EAP.

Environment

  • Red Hat Enterprise Application Platform(EAP)
    • 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content