Security Headers

Spring Security enables many HTTP security headers by default. This is according to recommendations and best practices.

However, there may be scenarios where you want to customize or disable some of them (for example, to run the Panopticon JavaScript API examples).

The headers.frame-options.policy property controls the X-Frame-Options header. Valid values are DENY (default), SAMEORIGIN, or blank (to disable).

(c) 2013-2024 Altair Engineering Inc. All Rights Reserved.

Intellectual Property Rights Notice | Technical Support