AnsweredAssumed Answered


Question asked by wikedstik on Nov 20, 2015
Latest reply on Nov 20, 2015 by wikedstik

My scans are saying that my website has the 1519121 vulnerability and " The response for this request either did not have an "X-FRAME-OPTIONS" header present or was not set to DENY or SAMEORIGIN"


However, when I run a curl scan on it I clearly see the X-Frame-Options: SAMEORIGIN in the header.


My web.config file has the following:





        <add name="X-FRAME-OPTIONS" value="SAMEORIGIN" />




    <error statusCode="403" subStatusCode="4" path="https://<SNIP></SNIP>" responseMode="Redirect" />



            <access sslFlags="Ssl" />




Any ideas?