Details
Alert Id: 10020-2
Alert Type: Passive
Status: release
Risk: Medium
CWE: 1021
WASC: 15
Technologies Targeted: All
Tags: OWASP_2017_A06, OWASP_2021_A05, WSTG-V42-CLNT-09

Summary

X-Frame-Options (XFO) headers were found. A response with multiple XFO header entries may not be treated predictably by all user agents.

Solution

Ensure only a single X-Frame-Options header is present in the response.
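
One way to check a captured response for this condition, as an added example that is not ZAP's own rule code; the function names and the sample responses are constructed for illustration. It also reports a single header carrying a comma-separated list, which is what results when an intermediary combines duplicate field lines; that case goes beyond what the alert text describes.

```python
def xfo_entries(raw_response: str) -> list:
    """Return the value of every X-Frame-Options field line, in order."""
    values = []
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block; ignore the body
        name, sep, value = line.partition(":")
        # Header field names are case-insensitive.
        if sep and name.strip().lower() == "x-frame-options":
            values.append(value.strip())
    return values


def check_xfo(raw_response: str) -> dict:
    """Summarise how X-Frame-Options appears in one raw HTTP response."""
    entries = xfo_entries(raw_response)
    # Split comma-joined values so DENY and SAMEORIGIN in one line are
    # compared the same way as DENY and SAMEORIGIN on two lines.
    tokens = {t.strip().upper() for v in entries for t in v.split(",") if t.strip()}
    return {
        "entries": entries,
        "multiple_header_lines": len(entries) > 1,  # the condition this alert reports
        "folded_list": any("," in v for v in entries),  # assumption: also worth flagging
        "conflicting": len(tokens) > 1,
    }


# Constructed sample responses (not captured from a real site).
DUPLICATE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "X-Frame-Options: DENY\r\nx-frame-options: SAMEORIGIN\r\n\r\n<html>"
)
SINGLE = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n\r\n<p>X-Frame-Options: DENY</p>"
)
FOLDED = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY, SAMEORIGIN\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("duplicate", DUPLICATE), ("single", SINGLE), ("folded", FOLDED)):
        print(label, check_xfo(raw))
```

Duplicate entries usually come from two layers each setting the header (for example the application and a reverse proxy in front of it), so run the check against the response as the client receives it rather than against the application alone.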

References

Code

org/zaproxy/zap/extension/pscanrules/AntiClickjackingScanRule.java