Talk:Clickjacking Protection for Java EE
I have implemented this in tomcat 5.5.31 but I didn't get it to work. First I got an error that the java version was wrong. So I recompiled the class using the same sdk version I use for the tomcat. This removed the error messages and everything looks dandy. Problem is that the sites are still "framable" in both Internet Explorer 8 and Firefox 5. Clearly I'm doing something wrong but I can't just seem to figure out what.
Is there a way to check if the headers are being sent out as suppossed to, or any other test to check what I'm doing wrong?