AnsweredAssumed Answered

150081 X-Frame-Options header is not set

Question asked by Greg Mercer on Apr 15, 2019
Latest reply on Apr 19, 2019 by Greg Mercer
Anyone have any ideas on why Qualys would be saying that we have this error:

150081 X-Frame-Options header is not set

But when I look at the headers using a chrome extension for this url I see this which seems to have the X-Frame-Option set:

GET /profiles/gsb_public/themes/gsb_theme/fonts/236F40_2_0.ttf HTTP/1.1
Host: XXXX-XXXX.xxxxxx.stanford.edu:443
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
SUPRIVILEGEGROUP: gsb_acl:staff
UNIVID: 09690481
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36

HTTP/1.1 200
accept-ranges: bytes
access-control-allow-origin: *
age: 212333
cache-control: max-age=1209600
content-length: 33976
content-security-policy: default-src 'self'
date: Mon, 15 Apr 2019 13:43:09 GMT
expires: Sat, 27 Apr 2019 02:44:15 GMT
last-modified: Thu, 11 Apr 2019 07:24:42 GMT
server: nginx
status: 304
via: varnish
x-ah-environment: test
x-cache: HIT
x-cache-hits: 7
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: v-0727cfc8-5d96-11e9-af45-1774bca15dbf
x-xss-protection: 1; mode=block

Outcomes