Details
Alert ID 10020-3
Alert Type Passive
Status release
Risk Medium
CWE 1021
WASC 15
Technologies Targeted All
Tags CWE-1021
OWASP_2017_A06
OWASP_2021_A05
POLICY_PENTEST
POLICY_QA_STD
SYSTEMIC
WSTG-V42-CLNT-09
More Info Scan Rule Help

Summary

An X-Frame-Options (XFO) META tag was found, defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).

Solution

Ensure X-Frame-Options is set via a response header field. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/AntiClickjackingScanRule.java