...
PRAC-890: Clickjacking protection enabled
We have enabled security feature for the application server protecting it from the Clickjacking attacks. Protection adds X-Frame-Options: SAMEORIGIN HTTP header to the server response which can be used by supported browsers.
For more information about Clickjacking please see https://en.wikipedia.org/wiki/Clickjacking. For more information about implementation see documentation.
4.1.8 - 19th February 2016
...