Details

Alert Id: 10020-3
Alert Type: Passive Scan Rule
Status: release
Risk: Medium
CWE: 16
WASC: 15

Summary

An X-Frame-Options (XFO) META tag was found. Defining XFO via a META tag is explicitly not supported by the spec (RFC 7034).

Solution

Ensure X-Frame-Options is set via a response header field.
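
The check below is an added example, not ZAP's XFrameOptionScanRule code: it inspects one response for an XFO META tag and for the X-Frame-Options response header, and separates the META-only case from a correctly set header. The function name check_xfo, the finding labels and the sample responses are assumptions made for illustration.

```python
from html.parser import HTMLParser


class _MetaXfoFinder(HTMLParser):
    """Collects content values of <meta http-equiv="X-Frame-Options"> tags."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() == "x-frame-options":
            self.values.append(a.get("content", "").strip())


def check_xfo(headers, body):
    """Return (finding, header_value, meta_values) for one HTTP response."""
    # Header field names are case-insensitive.
    header = next((v for k, v in headers.items()
                   if k.lower() == "x-frame-options"), None)
    finder = _MetaXfoFinder()
    finder.feed(body)
    if finder.values and header is None:
        finding = "meta-only"       # XFO only in META: unsupported per RFC 7034
    elif finder.values:
        finding = "meta-redundant"  # header is set; the META tag should be removed
    elif header is None:
        finding = "missing"         # no XFO declared anywhere
    else:
        finding = "ok"              # XFO set via a response header field
    return finding, header, finder.values


# Constructed sample responses (not captured traffic).
NONCOMPLIANT = ({"Content-Type": "text/html"},
                '<html><head><META HTTP-EQUIV="X-Frame-Options" '
                'CONTENT="DENY"></head></html>')
COMPLIANT = ({"Content-Type": "text/html", "x-frame-options": "DENY"},
             "<html><head><title>ok</title></head></html>")

if __name__ == "__main__":
    for name, (hdrs, html) in (("noncompliant", NONCOMPLIANT),
                               ("compliant", COMPLIANT)):
        print(name, check_xfo(hdrs, html))
```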

Code

org/zaproxy/zap/extension/pscanrules/XFrameOptionScanRule.java