1 Reply Latest reply on Nov 16, 2017 5:24 AM by makecrazy

    Click Jacking ( Vulnerability )




      We currently had a PCI audit of the Orin Server, and it mentioned a vulnerability. I need a solution to remove this vulnerability. We are currently using HTTPS with a certificate (no HTTP service is running on port 80).


      Vulnerability Title: Click Jacking


      Vulnerability Solution:

      Use HTTP X-Frame-Options

      Send the HTTP response headers with X-Frame-Options that instruct the browser to restrict framing where it is not allowed.


      Service Port:





      Vulnerability Proof:


      * Running HTTPS service


      HTTP request to https://x.x.x.x:17799/

      HTTP response code was an expected 200

      1: text/html

      HTTP header 'Content-Type' was present and matched expectation

      HTTP header 'Content-Security-Policy' not present

      HTTP header 'X-Frame-Options' not present
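The audit's proof checks two headers: X-Frame-Options and Content-Security-Policy. The script below is an added example (not from the post or from the product vendor) that parses a raw HTTP response and reports the same two findings, so a defender can verify the fix before the next scan; the sample responses and port are constructed, not captured from any server.

```python
"""Check an HTTP response's headers for framing (clickjacking) protection.
Reports the two findings the audit lists: X-Frame-Options and a
Content-Security-Policy frame-ancestors directive. Samples are constructed."""

# Values X-Frame-Options may carry today; ALLOW-FROM is obsolete and ignored.
VALID_XFO = {"DENY", "SAMEORIGIN"}


def parse_headers(raw_response: str) -> dict:
    """Map lower-cased header names to values from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def frame_ancestors(csp: str):
    """Return the source list of frame-ancestors, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def check_clickjacking(raw_response: str) -> dict:
    """Evaluate framing protection; 'protected' is the overall verdict."""
    h = parse_headers(raw_response)
    xfo = h.get("x-frame-options", "").upper()
    fa = frame_ancestors(h.get("content-security-policy", ""))
    # A frame-ancestors list protects unless it contains the '*' wildcard.
    csp_ok = fa is not None and "*" not in fa
    return {"x_frame_options": xfo or None, "frame_ancestors": fa,
            "protected": xfo in VALID_XFO or csp_ok}


# Constructed sample matching the audit: no framing headers at all.
UNPROTECTED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
# Constructed sample after adding the headers the audit recommends.
PROTECTED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "X-Frame-Options: SAMEORIGIN\r\n"
             "Content-Security-Policy: frame-ancestors 'self'\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, resp in (("before", UNPROTECTED), ("after", PROTECTED)):
        print(label, check_clickjacking(resp))
```

Point it at the real response (for example the header block saved from curl -i) to confirm both headers are served on every page, not just the login page.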