package com.atlassian.applinks.internal.common.net;

import com.google.common.annotations.VisibleForTesting;
import java.util.Objects;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.tools.view.context.ViewContext;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/applinks-plugin-9.0.13.jar:com/atlassian/applinks/internal/common/net/ResponseHeaderUtil.class */
public final class ResponseHeaderUtil {

    @VisibleForTesting
    static final String HEADER_XFRAME_OPTIONS = "X-Frame-Options";

    @VisibleForTesting
    static final String HEADER_CONTENT_SECURITY_POLICY = "Content-Security-Policy";

    private ResponseHeaderUtil() {
    }

    public static void preventCrossFrameClickJacking(@Nonnull HttpServletResponse httpServletResponse) {
        Objects.requireNonNull(httpServletResponse, ViewContext.RESPONSE);
        httpServletResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
        httpServletResponse.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
    }
}
