The X-Frame-Options params for the WebAppSec provider do not match what is documented.
Since the implementation is being used (e.g., manager.xml, knoxsso.xml), the appropriate resolution is to correct the docs.
Additionally, since the Admin UI support for this was based on the docs, it also needs to be updated to produce the correct params.
Further, the X-Content-Type-Options param names should be similar in form to the X-Frame-Options param names.
The correct param names are:
The User Guide must be updated to reflect the correct X-Frame-Options param names; it currently describes xframe-options.enabled and xframe-options.value