To prevent clickjacking new browsers introduced X-Frame-Options header. Although SockJS does not have any clickable elements, it would be good to send this header for hygiene. Especially for pages that are intended to be framed (htmlfile, iframe.html):
https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
https://www.owasp.org/index.php/Clickjacking#Defending_with_response_headers
To prevent clickjacking new browsers introduced
X-Frame-Optionsheader. Although SockJS does not have any clickable elements, it would be good to send this header for hygiene. Especially for pages that are intended to be framed (htmlfile, iframe.html):https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
https://www.owasp.org/index.php/Clickjacking#Defending_with_response_headers