Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Nikhil 54 posts 166 karma points
    Jul 21, 2020 @ 10:25
    Nikhil
    0

    Missing X-Frame-Options HTTP header

    Vulnerability scan found that this header is missing in Umbraco response. Can I add this in the custom headers with no side effects?

    <add name="X-Frame-Options" value="DENY" />
    
  • Steve Morgan 1348 posts 4457 karma points c-trib
    Jul 21, 2020 @ 14:21
    Steve Morgan
    0

    The inbuilt safety check inserts:

            <add name="X-Frame-Options" value="sameorigin" />
    
  • Nikhil 54 posts 166 karma points
    Jul 21, 2020 @ 14:52
    Nikhil
    0

    Arachni detects this error.

    Had to add:

    <httpCookies requireSSL="true" />
    

    for the insecure cookie error.

  • Nikhil 54 posts 166 karma points
    Jul 22, 2020 @ 14:49
    Nikhil
    0

    The error for the X-Frame-Options is not present. The cookie error still appears.

    Found an article:

    So you want to secure your Umbraco site

Please Sign in or register to post replies

Write your reply to:

Draft