
APM X-Frame-Options Header missing on initial redirect

alex100
Cirrus

Hi all,

Issue: Security scanner detects an X-Frame-Options header missing in the initial redirect response from APM. When https://myapplication.mydomain.com/ (which is behind APM) gets requested, the initial response is a redirect to https://myapplication.mydomain.com/my.policy. The 302 response does not contain X-Frame-Options and the following response from /my.policy does. Obviously this is more of a scanner logic issue than an APM one, however in reality most applications will insert X-Frame-Options in the 302. Is there a way to enforce X-Frame-Options on APM redirects?

Thanks,

0 REPLIES 0
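Added example, not part of the original post and not F5 code: a per-hop audit of the redirect chain described above, showing which response a scanner flags and whether that response is a redirect the browser follows or a page it renders. The raw responses are constructed samples; the `SAMEORIGIN` value and the function names are assumptions.

```python
from urllib.parse import urljoin

# Constructed sample responses (not captured traffic) for the chain in the post.
# The X-Frame-Options value on /my.policy is an assumption.
SAMPLE_CHAIN = {
    "https://myapplication.mydomain.com/":
        "HTTP/1.1 302 Found\r\nLocation: /my.policy\r\nContent-Length: 0\r\n\r\n",
    "https://myapplication.mydomain.com/my.policy":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-frame-options: SAMEORIGIN\r\n\r\n",
}
VALID_XFO = {"DENY", "SAMEORIGIN"}

def parse_response(raw):
    """Return (status_code, headers) with lower-cased header names."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers

def audit_chain(start_url, responses, max_hops=10):
    """Walk the redirect chain and classify X-Frame-Options on every hop.

    Each finding is (url, status, verdict, is_redirect). A hop with
    is_redirect=True is followed by the browser rather than rendered.
    """
    findings, url = [], start_url
    for _ in range(max_hops):
        status, headers = parse_response(responses[url])
        xfo = headers.get("x-frame-options")
        if xfo is None:
            verdict = "missing"
        elif xfo.upper() in VALID_XFO:
            verdict = "ok"
        else:
            verdict = "invalid"
        is_redirect = 300 <= status < 400 and "location" in headers
        findings.append((url, status, verdict, is_redirect))
        if not is_redirect:
            break
        url = urljoin(url, headers["location"])  # resolve relative Location
    return findings

if __name__ == "__main__":
    for finding in audit_chain("https://myapplication.mydomain.com/", SAMPLE_CHAIN):
        print(finding)
```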