X-Frame-Options Setting Malformed

Summary

An X-Frame-Options header was present in the response but the value was not correctly set.

Risk

Medium

Solution

Ensure a valid setting is used on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g., it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's 'frame-ancestors' directive.
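
A check for the condition this alert describes, as an added example that is not part of the original page or of any scanner's code: it validates the X-Frame-Options values found in a list of response headers. The function name `check_xfo`, the finding strings and the sample headers are constructed for illustration; ALLOW-FROM is flagged separately because current browsers no longer honor it.

```python
"""Validate X-Frame-Options values in a response's headers (added example)."""

VALID = {"DENY", "SAMEORIGIN"}  # the two settings the Solution text recommends


def check_xfo(headers):
    """Return findings for a list of (name, value) header pairs.

    An empty list means every X-Frame-Options value present is valid.
    A response with no X-Frame-Options header also returns [] because
    this check only covers the "present but malformed" case.
    """
    values = [v for n, v in headers if n.lower() == "x-frame-options"]
    if not values:
        return []
    # Repeated headers are combined as a comma-separated list, so split
    # each value the same way before validating the individual tokens.
    tokens = [t.strip() for v in values for t in v.split(",")]
    findings = []
    if len(tokens) > 1:
        # Assumption of this example: more than one value is ambiguous
        # and worth reporting even when each token is valid on its own.
        findings.append(f"multiple values: {tokens}")
    for tok in tokens:
        upper = tok.upper()  # the setting is matched case-insensitively
        if upper in VALID:
            continue
        if upper.startswith("ALLOW-FROM"):
            findings.append(f"obsolete: {tok!r} (use CSP frame-ancestors)")
        else:
            findings.append(f"malformed: {tok!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = [
        [("X-Frame-Options", "SAMEORIGIN")],
        [("X-Frame-Options", "SAME-ORIGIN")],
        [("X-Frame-Options", "'DENY'")],
        [("X-Frame-Options", "SAMEORIGIN"), ("X-Frame-Options", "DENY")],
        [("X-Frame-Options", "ALLOW-FROM https://example.com")],
    ]
    for hdrs in samples:
        print(hdrs, "->", check_xfo(hdrs) or "OK")
```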
