Description of the problem: The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack. Clickjacking, also known as a 'UI redress attack', is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is 'hijacking' clicks meant for their page and routing them to other another page, most likely owned by another application, domain, or both. Release version: 2.4.4 Operator snapshot version: Unknown OCP version: 4.9 Browser Info: Unknown Steps to reproduce: 1. Login into the application Using "admin1" user 2. Navigate to search >> filter 3. Intercept the request using a proxy tool 4. Apply attack value in parameter Parameter: filters Attack Value: [{"property":"kind","values":["test"]},{"property":"'b) OR (1","values":["1'"]} Actual results: Expected results: Additional info: