OWASP Clickjack filter

In addition to using a frame buster, OWASP have a clickjack filter that works with IE8+

In web.xml add these two sections:

  
<filter>
  <filter-name>ClickjackFilterDeny</filter-name>
  <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class>
  <init-param>
    <param-name>mode</param-name>
    <param-value>DENY</param-value>
  </init-param>
</filter>
  
<filter-mapping> 
  <filter-name>ClickjackFilterDeny</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
Copyright Donald Horrell 2012, 2013. All rights reserved