alex100
Jul 14, 2020

APM X-Frame-Options Header missing on initial redirect

Hi all,

Issue: Security scanner detects an X-Frame-Options header missing in the initial redirect response from APM. When https://myapplication.mydomain.com/ (which is behind APM) gets requested, the initial response is a redirect to https://myapplication.mydomain.com/my.policy. The 302 response does not contain X-Frame-Options and the following response from /my.policy does. Obviously this is more of a scanner logic issue than APM, however in reality most applications will insert X-Frame-Options in the 302. Is there a way to enforce X-Frame-Options on APM redirects?

Thanks,
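
An added example, not part of the original post and not F5 code: a per-hop audit of a redirect chain that separates a missing anti-framing header on a redirect from one missing on a rendered document, which is the distinction the post draws. The raw responses are constructed samples and the function names and verdict labels are hypothetical; it also accepts CSP `frame-ancestors`, which goes beyond the header named in the post.

```python
from email.parser import Parser

# Constructed sample: the two hops described in the post (header values are illustrative).
SAMPLE_CHAIN = [
    ("https://myapplication.mydomain.com/",
     "HTTP/1.1 302 Found\r\nLocation: /my.policy\r\nContent-Length: 0\r\n\r\n"),
    ("https://myapplication.mydomain.com/my.policy",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
     "X-Frame-Options: DENY\r\n\r\n<html></html>"),
]

def parse_response(raw):
    """Split a raw HTTP response into (status code, case-insensitive headers)."""
    head, _, _ = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    return status, Parser().parsestr(header_block, headersonly=True)

def framing_policy(headers):
    """Return the anti-framing control on a response, or None if there is none."""
    xfo = headers.get("X-Frame-Options")
    if xfo and xfo.strip():
        return "X-Frame-Options: " + xfo.strip()
    for csp in headers.get_all("Content-Security-Policy", []):
        for directive in csp.split(";"):
            if directive.strip().lower().startswith("frame-ancestors"):
                return "CSP " + directive.strip()
    return None

def audit_chain(chain):
    """Classify each hop so redirect-only gaps can be triaged separately."""
    findings = []
    for url, raw in chain:
        status, headers = parse_response(raw)
        policy = framing_policy(headers)
        # A 3xx with Location is followed by the browser, not rendered in the frame.
        is_redirect = 300 <= status < 400 and headers.get("Location") is not None
        if policy:
            verdict = "protected"
        elif is_redirect:
            verdict = "missing-on-redirect"
        else:
            verdict = "missing-on-document"
        findings.append({"url": url, "status": status,
                         "verdict": verdict, "policy": policy})
    return findings

if __name__ == "__main__":
    for f in audit_chain(SAMPLE_CHAIN):
        print(f["status"], f["url"], f["verdict"], f["policy"] or "-")
```
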
