点击劫持：X-Frame-Options未配置

解决方案：设置X-Frame-Options参数即可
具体操作步骤如下：
在上面filter基础上添加即可解决

httpResp.addHeader("x-frame-options","DENY");

附上源码：

package com.sinosoft.fis.util;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * 功能描述:
 * 

 *   1.Cookie 设置 httpOnly属性 Cookie 
 *   2.设置 httpOnly属性防止js读取cookie
 * 
 *
 * @author gblfy
 */
public class CookieHttpOnlyFilter implements Filter {

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		if (!(request instanceof HttpServletRequest)) {
			chain.doFilter(request, response);
			return;
		}
		HttpServletRequest httpReq = (HttpServletRequest) request;
		HttpServletResponse httpResp = (HttpServletResponse) response;
		Cookie[] cookies = httpReq.getCookies();
		if (cookies != null) {
			Cookie cookie = cookies[0];
			if (cookie != null) {
				HttpSession session = httpReq.getSession();
				if (session != null) {
					String sessionId = session.getId();
					// http设置
					httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId + "; Path=/fis; HttpOnly");
					httpResp.addHeader("x-frame-options","DENY");
//					httpResp.addHeader("x-frame-options","SAMEORIGIN");
					// https设置
//	                    httpResp.addHeader("Set-Cookie", "JSESSIONID=" + sessionId
//	                            + "; Path=/admin;Secure; HttpOnly");
				}
			}
		}
		chain.doFilter(httpReq, httpResp);

	}

	public void destroy() {
	}

	public void init(FilterConfig filterConfig) throws ServletException {
	}

}

谷歌测试效果图：

漏洞参考连接：
https://www.cnblogs.com/wdnnccey/p/6476518.html