I have angular/Node/Sails setup and when I call the site it always redirects to a default state and all the calls in network have X-Frame-Options turned on and displayed in the calls but when I am trying to use comand curl -v https://{SiteURL}/ in the command details it does not list X-Frame-Option at all.
Also, If I use curl -v https://{SiteURL}/{DefaultState} it has X-Frame-Options header defines in the detail it returns.
I am using the clickJacking solution mentions on sailsJS document link mentions below. https://sailsjs.com/documentation/concepts/security/clickjacking
I was expecting it would work out of the box by anyway we test it.