@Override public boolean isAuthorized(final WebContext context, final List<CommonProfile> profiles) throws RequiresHttpAction { context.setResponseHeader("X-Frame-Options", "DENY"); return true; }