ManageEngine Web Application Potentially Vulnerable to Clickjacking - Return the X-Frame-Options HTTP header with the page's response.
Port: 443
Protocol: TCP
Service: www
Title: Web Application Potentially Vulnerable to Clickjacking
and is currently supported by all major browser vendors. Note that while the X-Frame-Options response header is not the only mitigation for clickjacking, it is currently the most reliable method to detect through automation. Therefore, this plugin may produce false positives if other mitigation strategies (e.g. frame-busting JavaScript) are deployed or if the page does not perform any security-sensitive transactions. See also:
http://www.nessus.org/u?1bced8d9
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
http://en.wikipedia.org/wiki/Clickjacking
Resolution:
Return the X-Frame-Options HTTP header with the page's response. This prevents
the page's content from being rendered by another site when using the frame or
iframe HTML tags.
We received the above failure from PCI compliance for the ManageEngine application; how do we make the change in Tomcat 7.0?