- September 12, 2023: Separated finding messages.
- October 1, 2020:
ALLOW-FROMis no longer good security practice.
⇤ Web Application Header Assessment
Required for HTTP/1.0
Properly setting X-Frame-Options helps prevent clickjacking attacks by not allowing the browser to render this page in a frame. The X-Frame-Options header is defined in RFC-7034. The only valid options for this header are DENY and SAMEORIGIN. Though ALLOW-FROM is ignored by modern browsers, it does not currently negatively impact the Web Application Headers grade.
See finding messages.