tomcat HTTP响应头汇总

HTTP响应头X-Content-Options：nosniff检查

Tomcat服务器配置X-Content-Type-Options、X-XSS-Protection、Content-Security-Policy、X-Frame-Options_tomcat content-security-policy-CSDN博客

打开tomcat/conf/web.xml,增加如下配置

    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <init-param>
            <param-name>antiClickJackingOption</param-name>
            <param-value>SAMEORIGIN</param-value>
        </init-param>
        <async-supported>true</async-supported>
    </filter>
&lt;filter-mapping&gt;
    &lt;filter-name&gt;httpHeaderSecurity&lt;/filter-name&gt;
    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
&lt;/filter-mapping&gt;