X-Frame-Options Defined via META (Non-compliant with Spec)

Summary

An X-Frame-Options (XFO) META tag was found. Defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).

Risk

Medium

Solution

Ensure X-Frame-Options is set via a response header field. Alternatively, consider implementing Content Security Policy's 'frame-ancestors' directive.
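One way to verify the fix, as an added example that is not part of the original page or of any scanner's code: the check below parses a response body for an XFO META tag and reports whether the response headers actually carry framing protection. The function name, the finding labels and the sample responses are assumptions made for this example.

```python
from html.parser import HTMLParser

class MetaXFOFinder(HTMLParser):
    """Collects the content of every <meta http-equiv="X-Frame-Options"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "x-frame-options":
            self.values.append(a.get("content", "").strip())

def check_framing(headers, body):
    """Classify a response's framing protection from its headers and HTML body."""
    h = {k.lower(): v for k, v in headers.items()}
    finder = MetaXFOFinder()
    finder.feed(body)
    finder.close()
    # Only DENY and SAMEORIGIN are counted as effective here (a choice of this example).
    xfo_header = h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")
    # Look for a frame-ancestors directive in the CSP response header.
    csp = h.get("content-security-policy", "")
    frame_ancestors = any(d.split()[0].lower() == "frame-ancestors"
                          for d in csp.split(";") if d.split())
    protected = xfo_header or frame_ancestors
    if finder.values:
        # The META tag itself never counts as protection.
        finding = "meta-redundant" if protected else "meta-only"
    else:
        finding = "ok" if protected else "unprotected"
    return {"meta_values": finder.values, "xfo_header": xfo_header,
            "frame_ancestors": frame_ancestors, "finding": finding}

# Constructed sample responses (not taken from a real site).
META_PAGE = ('<html><head><META HTTP-EQUIV="X-Frame-Options" CONTENT="DENY" />'
             '</head><body></body></html>')
PLAIN_PAGE = "<html><head><title>t</title></head><body></body></html>"

if __name__ == "__main__":
    print(check_framing({"Content-Type": "text/html"}, META_PAGE))
    print(check_framing({"X-Frame-Options": "DENY"}, META_PAGE))
    print(check_framing({"Content-Security-Policy": "frame-ancestors 'none'"}, PLAIN_PAGE))
```

A `meta-only` finding corresponds to the condition this alert describes; `meta-redundant` means the META tag can simply be deleted because a header already provides the protection.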
