Missing or Permissive X-Frame-Options HTTP Response Header
Info Nessus Plugin ID 50345
Synopsis
The remote web server does not take steps to mitigate a class of web application vulnerabilities.

Description
The remote web server sets a permissive X-Frame-Options response header in some responses, or does not set one at all.
The X-Frame-Options header has been proposed by Microsoft as a way to mitigate clickjacking attacks and is currently supported by all major browser vendors.

Solution
Set a properly configured X-Frame-Options header for all requested resources.
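
One way to apply the solution above to every response of a Python WSGI application, as an added example that is not part of the plugin or the original page. The names `classify_xfo` and `FrameOptionsMiddleware` are hypothetical, and treating anything other than a single DENY or SAMEORIGIN directive as permissive is this example's assumption, not the plugin's own logic.

```python
# Added example: WSGI middleware that guarantees one restrictive
# X-Frame-Options header on every response.
# Assumption: only DENY and SAMEORIGIN count as properly configured.
RESTRICTIVE = {"DENY", "SAMEORIGIN"}


def classify_xfo(headers):
    """Return 'missing', 'permissive' or 'ok' for a list of (name, value) headers."""
    values = [v for k, v in headers if k.lower() == "x-frame-options"]
    if not values:
        return "missing"
    # Repeated or comma-joined headers give several directives; this example
    # requires them to agree on one restrictive value.
    directives = {d.strip().upper() for v in values for d in v.split(",")}
    if len(directives) == 1 and directives <= RESTRICTIVE:
        return "ok"
    return "permissive"


class FrameOptionsMiddleware:
    """Wrap a WSGI app so every response carries one restrictive header."""

    def __init__(self, app, policy="SAMEORIGIN"):
        if policy not in RESTRICTIVE:
            raise ValueError("policy must be DENY or SAMEORIGIN")
        self.app = app
        self.policy = policy

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            if classify_xfo(headers) != "ok":
                # Drop missing or permissive values, then set the policy once.
                headers = [(k, v) for k, v in headers
                           if k.lower() != "x-frame-options"]
                headers.append(("X-Frame-Options", self.policy))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)
```

Wrapping the application object once (`app = FrameOptionsMiddleware(app, "DENY")`) covers error pages and static handlers served through the same WSGI stack; resources served directly by a front-end web server still need the header set there.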