To prevent ClickJacking, we should set the X-Frame-Options to Deny for everything that returns HTML:
https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Preventing_Malicious_Site_Framing_.28ClickJacking.29
We'll need to make sure we don't set it on the dynamic resizer / resolver though.
To prevent ClickJacking, we should set the X-Frame-Options to Deny for everything that returns HTML:
https:/ /wiki.mozilla. org/WebAppSec/ Secure_ Coding_ Guidelines# Preventing_ Malicious_ Site_Framing_ .28ClickJacking .29
We'll need to make sure we don't set it on the dynamic resizer / resolver though.