
X-Frame-Options configured but flagged on scan

Question asked by Jay Van Kooperen on Apr 12, 2017
Latest reply on Apr 19, 2017 by Dave Ferguson

A scan report shows the target as being vulnerable to Clickjacking, QID 150081.  The header is actually configured to use the following settings:

 

X-Content-Security-Policy:allow 'self';
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN

 

I'm not certain why this is being reported and was hoping someone may be able to help me understand.
