Vulnerabilities

X-Frame-Options Header Not Set

X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.

Summary

X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.

Risk

Medium

Solution

Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g., it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively, consider implementing Content Security Policy's 'frame-ancestors' directive.

References

Achieve SOC2 Compliance

We make your startup SOC2 compliant by implementing and managing the required security controls for you.

Get Started

Latest Articles

View All Articles

Configure infrastructure uptime monitoring with automated alerts and uptime SLA tracking

Achieving SOC 2 compliance is a significant milestone that demonstrates your commitment to safeguarding sensitive information and building a secure foundation for your business. In this guide, we'll delve into why SOC 2 compliance is crucial and then focus on configuring infrastructure uptime monitoring with automated alerts and uptime SLA tracking.

SOC2
3
 min read

Configure encryption key management: IAM keys, KMS, encryption procedure

One of the key ways to establish and reinforce the trust of corporate clients is through SOC 2 compliance. SOC 2 is a framework designed to ensure the security of sensitive data. In this guide, we'll delve into a crucial aspect of SOC 2 compliance: configuring encryption key management. Specifically, we'll explore the management of Identity and Access Management (IAM) keys, the utilization of Key Management Service (KMS), and the implementation of encryption procedures.

SOC2
3
 min read

Configure Firewall rules - Cloud providers (security groups) and Firewall in the office (local LAN)

SOC2 compliance demonstrates your commitment to safeguarding sensitive customer data and ensuring the security, availability, and confidentiality of your systems. In this guide, we will focus on a critical aspect of SOC 2 compliance: configuring firewall rules for both cloud providers (security groups) and the local LAN in your office.

SOC2
2
 min read