OWASP Clickjack filter
In addition to using a frame buster, OWASP have a clickjack filter that works with IE8+
In web.xml add these two sections:
<filter> <filter-name>ClickjackFilterDeny</filter-name> <filter-class>org.owasp.esapi.filters.ClickjackFilter</filter-class> <init-param> <param-name>mode</param-name> <param-value>DENY</param-value> </init-param> </filter> <filter-mapping> <filter-name>ClickjackFilterDeny</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>