可以将Tomcat 7配置为Content-Security-Policy: frame-ancestors 'self'在每个响应中插入HTTP标头,例如它可以插入其他安全相关的标头X-Frame-Options吗?
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options
security http tomcat7
http ×1
security ×1
tomcat7 ×1