Spring default x-frame-options

Asked Nov 09 '15 at 12:47

Active Nov 09 '15 at 12:47

Viewed 2,430 times

I've recently upgraded from Spring 3.2.2 to version 4.2.1.

As a result, http response headers defaults were changed, and now it contains these parameters:

X-XSS-Protection: 1; mode=block

X-Frame-Options: DENY

X-Content-Type-Options: nosniff

How can I change the default security headers of spring?

edited Jun 20 '20 at 09:12

Community

asked Nov 09 '15 at 12:47

user1028741

Are you using spring-security ? Which version did you change from to ? AFAIK these are not added by spring-core/spring-web* only spring-security. Do you configure it in code or XML ? – Darryl Miles Nov 09 '15 at 12:55
4

X-Frame-Options http://stackoverflow.com/questions/28647136/how-to-disable-x-frame-options-response-header-in-spring-security ... For spring-security 4.0.3.RELEASE try the documentation around http://docs.spring.io/spring-security/site/docs/4.0.3.RELEASE/reference/htmlsingle/#headers-frame-options and search the page for each header. – Darryl Miles Nov 09 '15 at 12:59

0 Answers0