missing x frame options http header - Using Umbraco and getting started - our.umbraco.com

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Nikhil 54 posts 166 karma points

Jul 21, 2020 @ 10:25
0

Missing X-Frame-Options HTTP header
Vulnerability scan found that this header is missing in Umbraco response. Can I add this in the custom headers with no side effects?
```
<add name="X-Frame-Options" value="DENY" />
```
Copy Link
Steve Morgan 1348 posts 4457 karma points c-trib

Jul 21, 2020 @ 14:21
0
The inbuilt safety check inserts:
```
        <add name="X-Frame-Options" value="sameorigin" />
```
Copy Link
Nikhil 54 posts 166 karma points

Jul 21, 2020 @ 14:52
0
Had to add:
```
<httpCookies requireSSL="true" />
```
for the insecure cookie error.
Copy Link
Nikhil 54 posts 166 karma points

Jul 22, 2020 @ 14:49

0

The error for the X-Frame-Options is not present. The cookie error still appears.

Found an article:

So you want to secure your Umbraco site

Copy Link
is working on a reply...

Please Sign in or register to post replies

Write your reply to:

Editor

Preview

Draft