How to set X-Content-Type-Options and X-Frame-Options for html and javascript?

Time: 2017-12-18 06:18:45

Tags: javascript html owasp zap

I am getting the alerts below when we test our URL on the ZAP tool:

  1. X-Frame-Options Header Not Set
  2. Web Browser XSS Protection Not Enabled
  3. X-Content-Type-Options Header Missing

We have successfully set X-Frame-Options and X-Content-Type-Options in REST and Servlet calls, but we don't know how to set those in HTML and JavaScript.

Can anyone suggest a solution?

1 answer:

Answer 0 (score: 0)

The X-Frame-Options header is added on the server-side, not the client. This is because the header is used to control how the browser should render the page.

Whatever server is hosting your file would have to add this header. From here