
X-Frame-Options header not set for some pages
Reported by Dimitris Apostolou | February 9th, 2014 @ 11:53 PM
Description:
X-Frame-Options header is not included in the HTTP response to
protect against 'ClickJacking' attacks.
Vulnerable pages:
GET: http://gpgtools.org/piwik/piwik.php?idsite=1&rec=1
GET: https://gpgtools.org
GET: https://gpgtools.org/
GET: https://gpgtools.org/css/font.14.css
GET: https://gpgtools.org/css/main.1386177977.css
GET: https://gpgtools.org/css/normalize.css
GET: https://gpgtools.org/donate.html
GET: https://gpgtools.org/gpgsuite.html
GET: https://gpgtools.org/js/jquery.scrollTo.min.js
GET: https://gpgtools.org/js/main.14.js
GET: https://gpgtools.org/js/plugins.js
GET: https://gpgtools.org/js/vendor/jquery-1.9.1.min.js
GET: https://gpgtools.org/js/vendor/modernizr-2.6.2.min.js
GET: https://gpgtools.org/news.html
GET: https://gpgtools.org/opensource.html
Solution:
Most modern Web browsers support the X-Frame-Options HTTP header.
Ensure it's set on all web pages returned by your site. If you
expect the page to be framed only by pages on your server (e.g.
it's part of a FRAMESET), then you'll want to use SAMEORIGIN;
otherwise, if you never expect the page to be framed, you should use
DENY.
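
One way to check for the condition this ticket describes, as an added example that is not part of the original report or the project's code: the function below audits captured response headers for a missing, invalid or conflicting X-Frame-Options value. The function names and the `example.test` responses are constructed for illustration.

```python
# Added example: audit response headers for X-Frame-Options.
# Header names are case-insensitive and a header may be repeated or
# comma-joined, so all occurrences are collected before judging.

VALID = {"DENY", "SAMEORIGIN"}  # the two values named in the ticket's solution


def audit_xfo(headers):
    """headers: list of (name, value) pairs. Returns (status, detail)."""
    values = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            values.extend(v.strip().upper() for v in value.split(",") if v.strip())
    if not values:
        return ("missing", "header not set")
    distinct = sorted(set(values))
    if len(distinct) > 1:
        return ("conflicting", ", ".join(distinct))
    if distinct[0] not in VALID:
        return ("invalid", distinct[0])
    return ("ok", distinct[0])


def audit_site(responses):
    """responses: {url: headers}. Returns {url: (status, detail)} for failures."""
    findings = {}
    for url, headers in responses.items():
        result = audit_xfo(headers)
        if result[0] != "ok":
            findings[url] = result
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLE = {
    "https://example.test/": [("Content-Type", "text/html"), ("X-Frame-Options", "DENY")],
    "https://example.test/news.html": [("Content-Type", "text/html")],
    "https://example.test/donate.html": [("x-frame-options", "sameorigin")],
    "https://example.test/embed.html": [("X-Frame-Options", "ALLOWALL")],
    "https://example.test/old.html": [("X-Frame-Options", "DENY"),
                                      ("X-Frame-Options", "SAMEORIGIN")],
}

if __name__ == "__main__":
    for url, (status, detail) in audit_site(SAMPLE).items():
        print(f"{status:12} {url} ({detail})")
```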