<filter-name>charset-to-utf8-filter</filter-name>\r
<url-pattern>/app/ui/*</url-pattern>\r
</filter-mapping>\r
+ <filter>\r
+ <filter-name>httpHeaderSecurity</filter-name>\r
+ <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>\r
+ <async-supported>true</async-supported>\r
+ <init-param>\r
+ <param-name>antiClickJackingEnabled</param-name>\r
+ <param-value>true</param-value>\r
+ </init-param>\r
+ <init-param>\r
+ <param-name>antiClickJackingOption</param-name>\r
+ <param-value>DENY</param-value>\r
+ </init-param>\r
+ </filter>\r
+ <filter-mapping>\r
+ <filter-name>httpHeaderSecurity</filter-name>\r
+ <url-pattern>/*</url-pattern>\r
+ </filter-mapping>\r
\r
<error-page>\r
<error-code>404</error-code>\r