I am trying to add click-jacking protection for our Grafana setup.
I was going through the discussion on the git repo (https://github.com/grafana/grafana/pull/6838) but it seems Grafana is not going to support it.
Is there any alternate approach to set “X-Frame-Options DENY” in response header?
If you’re worried about click-jacking you should definitely be running Grafana behind an nginx proxy doing TLS termination, in which case you can use add_header to set that header on all responses.
Thanks @dcech for your suggestions. Probably we will go ahead with your suggested approach.
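A sketch of the nginx approach suggested in the reply above, added here as an example and not taken from any poster's configuration. The hostname, certificate paths and the upstream address `127.0.0.1:3000` are assumptions; the `Content-Security-Policy` line goes slightly beyond the header asked about in the thread.

```nginx
# Added example, not from the thread. Hostname, certificate paths and the
# upstream address are placeholders / assumptions.
server {
    listen 443 ssl;
    server_name grafana.example.com;                  # placeholder hostname

    ssl_certificate     /etc/nginx/tls/grafana.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/grafana.key;   # placeholder path

    # Weak form:  add_header X-Frame-Options "DENY";
    # Without "always", nginx attaches the header only to a fixed set of
    # success and redirect status codes, so error pages (4xx/5xx) would
    # still be frameable. "always" covers every response.
    add_header X-Frame-Options "DENY" always;

    # Equivalent directive for browsers that prefer CSP over X-Frame-Options.
    add_header Content-Security-Policy "frame-ancestors 'none'" always;

    location / {
        # If the upstream ever sends its own X-Frame-Options, drop it so the
        # client receives exactly one value.
        proxy_hide_header X-Frame-Options;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:3000;             # assumed Grafana address

        # Caveat: add_header directives are inherited from the server level
        # only when this block defines none of its own. Adding any
        # add_header here would silently drop the two headers above for
        # this location, so repeat them if you add more.
    }
}
```

After reloading nginx, `curl -sI https://grafana.example.com/ | grep -i x-frame-options` should print the header once, including for a path that returns 404.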