1
 min read

X-Frame-Options Setting Malformed

An X-Frame-Options header was present in the response but the value was not correctly set.

Summary

An X-Frame-Options header was present in the response but the value was not correctly set.

Risk

Medium

Solution

Ensure a valid setting is used on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g., it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise, if you never expect the page to be framed, you should use DENY. Alternatively, consider implementing Content Security Policy's 'frame-ancestors' directive.

References

Scan and protect your web application from hackers

Run our automated penetration testing and vulnerability assessment to protect your web application from hackers.

Thank you for registering
Oops! Something went wrong.