X-Frame-Options Header is Missing
Impact: Low
Description
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites. (Source: Mozilla)
Recommendation
Configure your server to send this header for all pages. See the references for the possible values.
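To confirm that the header is actually sent and carries a usable value, the check below audits a raw response header block. It is an added example, not part of the original page: the function names and sample responses are constructed for illustration, and treating conflicting values as invalid is a conservative assumption of this example.

```python
"""Audit X-Frame-Options in raw HTTP response headers (added example)."""

VALID = {"DENY", "SAMEORIGIN"}   # values current browsers enforce
OBSOLETE_PREFIX = "ALLOW-FROM"   # obsolete; ignored by modern browsers

# Constructed sample responses, one per case the audit distinguishes.
SAMPLES = {
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "deny": "HTTP/1.1 200 OK\r\nx-frame-options: deny\r\n\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                "X-Frame-Options: SAMEORIGIN\r\n\r\n",
    "obsolete": "HTTP/1.1 200 OK\r\n"
                "X-Frame-Options: ALLOW-FROM https://example.com\r\n\r\n",
}


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw header block into (lower-cased name, value) pairs."""
    pairs = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_xfo(raw: str) -> tuple[str, str]:
    """Return (status, detail); status is 'ok', 'missing' or 'invalid'."""
    values = [v for n, v in parse_headers(raw) if n == "x-frame-options"]
    if not values:
        return "missing", "no X-Frame-Options header in the response"
    # A repeated header or a comma-separated list yields several tokens.
    tokens = {t.strip().upper() for v in values for t in v.split(",") if t.strip()}
    if not tokens:
        return "invalid", "header present but empty"
    if len(tokens) > 1:
        return "invalid", "conflicting values: " + ", ".join(sorted(tokens))
    token = tokens.pop()
    if token in VALID:
        return "ok", token
    if token.startswith(OBSOLETE_PREFIX):
        return "invalid", "ALLOW-FROM is obsolete and not enforced by current browsers"
    return "invalid", "unrecognised value: " + token


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit_xfo(raw))
```
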
References
Last updated on February 15, 2021