Enabling security with HTTP headers

You can use HTTP headers to pass security-oriented information between the server and client. Headers are available to prevent man-in-the-middle, cross-site scripting, content sniffing and clickjacking attacks.

Headers configured via wc-component.xml are applied by the Transaction Server's HttpSecurityFilter servlet filter.