
X-Frame-Options Defined via META (Non-compliant with Spec)


Summary

An X-Frame-Options (XFO) META tag was found. Defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).

Risk

Medium

Solution

Ensure X-Frame-Options is set via a response header field. Alternatively, consider implementing Content Security Policy's 'frame-ancestors' directive.
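
One way to check a response for this condition and for the fix described above, as an added example that is not part of the original alert or of any scanner's own code. The function and class names, the sample page and the choice to accept only DENY and SAMEORIGIN as effective header values are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page: declares XFO only in markup, which browsers ignore.
SAMPLE_BODY = ('<html><head><meta http-equiv="X-Frame-Options" content="DENY">'
               '</head><body>account settings</body></html>')


class MetaXFOParser(HTMLParser):
    """Collects the content of every <meta http-equiv="X-Frame-Options"> tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "x-frame-options":
            self.values.append(a.get("content", "").strip())


def audit_framing(headers, body):
    """Return (findings, protected) for one HTTP response.

    headers: dict of response header name -> value
    body:    decoded HTML of the response
    """
    h = {k.lower(): v for k, v in headers.items()}
    parser = MetaXFOParser()
    parser.feed(body)

    # Assumption: only DENY and SAMEORIGIN count as effective header values.
    xfo_ok = h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")
    # CSP directives are ';'-separated; the directive name is the first token.
    csp = h.get("content-security-policy", "")
    csp_ok = any(d.split()[:1] == ["frame-ancestors"] for d in csp.lower().split(";"))
    protected = xfo_ok or csp_ok

    findings = []
    for value in parser.values:
        findings.append(f"X-Frame-Options set via META (content={value!r}); not honoured per RFC 7034")
    if not protected:
        findings.append("No X-Frame-Options header or CSP frame-ancestors directive in the response")
    return findings, protected


if __name__ == "__main__":
    print(audit_framing({}, SAMPLE_BODY))
    print(audit_framing({"X-Frame-Options": "SAMEORIGIN"}, SAMPLE_BODY))
```

A page that carries the META tag but also sends the header is still reported, so the misleading markup can be removed, while `protected` shows whether the response is actually covered.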
