#128 new
Dimitris Apostolou

X-Frame-Options header not set for some pages

Reported by Dimitris Apostolou | February 9th, 2014 @ 11:53 PM

Description:
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

Vulnerable pages:
GET: http://gpgtools.org/piwik/piwik.php?idsite=1&rec=1
GET: https://gpgtools.org
GET: https://gpgtools.org/
GET: https://gpgtools.org/css/font.14.css
GET: https://gpgtools.org/css/main.1386177977.css
GET: https://gpgtools.org/css/normalize.css
GET: https://gpgtools.org/donate.html
GET: https://gpgtools.org/gpgsuite.html
GET: https://gpgtools.org/js/jquery.scrollTo.min.js
GET: https://gpgtools.org/js/main.14.js
GET: https://gpgtools.org/js/plugins.js
GET: https://gpgtools.org/js/vendor/jquery-1.9.1.min.js
GET: https://gpgtools.org/js/vendor/modernizr-2.6.2.min.js
GET: https://gpgtools.org/news.html
GET: https://gpgtools.org/opensource.html

Solution:
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), then you'll want to use SAMEORIGIN; otherwise, if you never expect the page to be framed, you should use DENY.
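
A way to verify the fix once headers are deployed, as an added example that is not part of the original ticket or the project's code: the function below decides whether one response's headers restrict framing. It goes beyond the ticket by also accepting a CSP `frame-ancestors` directive as protection; the names `framing_policy` and `_frame_ancestors` are hypothetical, and callers pass headers as a list of (name, value) pairs.

```python
# Added example: decide whether a response's headers restrict framing.
# Callers supply headers as (name, value) pairs; nothing here is captured traffic.

VALID_XFO = {"DENY", "SAMEORIGIN"}
OPEN_SOURCES = {"*", "http:", "https:"}  # treated as "anyone may frame" (simplification)


def _frame_ancestors(policy):
    """Return the source list of the first frame-ancestors directive, or None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """headers: list of (name, value) pairs, so repeated headers are preserved.

    Returns (protected: bool, reason: str).
    """
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        sources = _frame_ancestors(value)
        # An empty source list matches no origin, i.e. the same as 'none'.
        if sources is not None and not OPEN_SOURCES & set(sources):
            return True, "CSP frame-ancestors " + (" ".join(sources) or "'none'")

    # Values may arrive as repeated headers or as one comma-joined header.
    xfo = {
        token.strip().upper()
        for name, value in headers
        if name.lower() == "x-frame-options"
        for token in value.split(",")
        if token.strip()
    }
    if not xfo:
        return False, "X-Frame-Options missing"
    if len(xfo) > 1:
        # Audit choice: conflicting values are reported rather than trusted.
        return False, "conflicting X-Frame-Options values: " + ", ".join(sorted(xfo))
    (value,) = xfo
    if value in VALID_XFO:
        return True, "X-Frame-Options " + value
    return False, "unrecognized X-Frame-Options value: " + value
```

Values other than DENY and SAMEORIGIN, including the obsolete ALLOW-FROM form, are reported as unprotected.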
