X-Frame-Options

Question asked by wikedstik on Nov 20, 2015
Latest reply on Nov 20, 2015 by wikedstik

My scans are saying that my website has the 1519121 vulnerability and "The response for this request either did not have an "X-FRAME-OPTIONS" header present or was not set to DENY or SAMEORIGIN".

However, when I run a curl scan on it I clearly see the X-Frame-Options: SAMEORIGIN in the header.

My web.config file has the following:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="X-FRAME-OPTIONS" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
  <httpErrors>
    <error statusCode="403" subStatusCode="4" path="https://<SNIP></SNIP>" responseMode="Redirect" />
  </httpErrors>
  <security>
    <access sslFlags="Ssl" />
  </security>
</system.webServer>

Any ideas?
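
Added example (not part of the original post, and not the scanner's own logic): a Python check that applies the rule quoted in the scan message to every response in a header dump, such as the output of `curl -s -D - -o /dev/null -L <url>`, so that a redirect or error response lacking the header shows up separately from the final page. The sample dump, the host name and the function names are constructed for illustration.

```python
import re

ACCEPTED = {"DENY", "SAMEORIGIN"}  # the two values the scan message accepts

# Constructed sample: header dump of a two-hop chain (redirect, then the page).
SAMPLE_DUMP = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://www.example.test/\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "x-frame-options: SameOrigin\r\n"
    "\r\n"
)

def split_responses(dump):
    """Split a dump into (status_line, [(name, value), ...]) per response."""
    responses = []
    for block in re.split(r"\r?\n\r?\n", dump.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        headers = []
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:  # header names are case-insensitive, so normalise them
                headers.append((name.strip().lower(), value.strip()))
        responses.append((lines[0].strip(), headers))
    return responses

def check_xfo(headers):
    """Return (ok, detail) for one response's headers."""
    values = [v for n, v in headers if n == "x-frame-options"]
    if not values:
        return False, "header missing"
    # Assumption of this example: a repeated or comma-joined header must
    # agree on a single token, otherwise it is reported as a failure.
    tokens = {t.strip().upper() for v in values for t in v.split(",") if t.strip()}
    if len(tokens) != 1:
        return False, "conflicting values: " + ", ".join(sorted(tokens))
    token = tokens.pop()
    return (True, token) if token in ACCEPTED else (False, "unaccepted value: " + token)

def audit(dump):
    # Check every response in the chain, not only the final one.
    return [(status, *check_xfo(h)) for status, h in split_responses(dump)]

if __name__ == "__main__":
    for status, ok, detail in audit(SAMPLE_DUMP):
        print("PASS" if ok else "FAIL", status, "-", detail)
```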
