⇤ Web Application Header Assessment
Required for HTTP/1.0
Properly setting X-Frame-Options helps prevent clickjacking attacks by not allowing the browser to render this page in a frame. The X-Frame-Options header is defined in RFC-7034. The only valid options for this header are DENY and SAMEORIGIN. Though ALLOW-FROM is ignored by modern browsers, it does not currently negatively impact the Web Application Headers grade.
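The value rules above can be checked mechanically. The following is an added example, not the assessment tool's own logic: the function name, the status labels, and the handling of repeated or comma-separated values are assumptions of this sketch.

```python
# Added example: classify X-Frame-Options values the way the text describes.
# Status labels are assumptions of this sketch, not the grader's output.

VALID = {"DENY", "SAMEORIGIN"}


def classify_xfo(header_values):
    """Classify the raw X-Frame-Options header values of one response.

    Returns "missing", "valid", "allow-from", "conflicting" or "invalid".
    """
    # The header may be sent more than once, and one header line may hold a
    # comma-separated list; flatten both cases into individual tokens.
    tokens = []
    for raw in header_values:
        tokens.extend(p.strip() for p in raw.split(",") if p.strip())
    if not tokens:
        return "missing"

    seen = set()
    for token in tokens:
        directive = token.split()[0].upper()  # RFC 7034 values are case-insensitive
        if directive in VALID or directive == "ALLOW-FROM":
            seen.add(directive)
        else:
            return "invalid"  # anything else is not a defined option

    if len(seen) > 1:
        return "conflicting"  # e.g. DENY and SAMEORIGIN sent together
    only = seen.pop()
    # ALLOW-FROM is reported separately: modern browsers ignore it, so the
    # page is left without framing protection from this header.
    return "valid" if only in VALID else "allow-from"


if __name__ == "__main__":
    # Constructed sample responses (header values only).
    samples = {
        "no header": [],
        "lowercase deny": ["deny"],
        "allow-from": ["ALLOW-FROM https://example.com"],
        "two values": ["DENY, SAMEORIGIN"],
        "unknown value": ["ALLOWALL"],
    }
    for name, values in samples.items():
        print(f"{name:15} -> {classify_xfo(values)}")
```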
See finding messages.
- September 12, 2023: Separated finding messages.
- October 1, 2020: ALLOW-FROM is no longer good security practice.