Nessus reports Clickjacking vulnerability
When scanning our environment with Nessus, the report came back that our Katello servers are vulnerable to Clickjacking on the URLs listed below:
Is it possible to add an X-Frame-Options response header in all content responses? If so, where should this be done?
Thanks for any help you can give with this.
#2 Updated by Justin Sherrill almost 6 years ago
- Tracker changed from Support to Bug
- Category set to Installer
- Status changed from New to Need more information
- Difficulty set to medium
Likely you'd just add
Header always append X-Frame-Options SAMEORIGIN
and bounce Apache. We should add this to the installer. Does this make Nessus happy?
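As an added example (not from the Katello project or anyone in this thread), a small Python checker that classifies a response's headers the way a scanner does, accepting either X-Frame-Options or a CSP frame-ancestors directive, and flagging conflicting values, which is what Header append produces if another layer already sets a different X-Frame-Options value. The sample header sets at the bottom are constructed, not captured from a Katello host.

```python
"""Classify HTTP response headers for clickjacking protection."""
import urllib.request
from typing import Dict, Tuple

SAFE_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete and not honoured by current browsers


def frame_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason) for a header dict; header names are matched case-insensitively."""
    lower = {k.lower(): v for k, v in headers.items()}

    # A CSP frame-ancestors directive takes precedence over X-Frame-Options in browsers that support it.
    for directive in lower.get("content-security-policy", "").split(";"):
        name, _, value = directive.strip().partition(" ")
        if name.lower() == "frame-ancestors" and value.strip():
            return True, f"CSP frame-ancestors {value.strip()}"

    xfo = lower.get("x-frame-options")
    if xfo is None:
        return False, "no X-Frame-Options or CSP frame-ancestors header"

    # "Header append" joins an existing value with ", "; split, strip and de-duplicate.
    values = {v.strip().upper() for v in xfo.split(",") if v.strip()}
    if len(values) > 1:
        # Conflicting values (e.g. "SAMEORIGIN, DENY"); do not rely on browser tie-breaking.
        return False, f"conflicting X-Frame-Options values {sorted(values)}"
    value = values.pop()
    if value in SAFE_XFO:
        return True, f"X-Frame-Options {value}"
    return False, f"unsupported X-Frame-Options value {value!r}"


def check_url(url: str) -> Tuple[bool, str]:
    """Fetch url and classify its headers (duplicate headers are joined like Header append)."""
    with urllib.request.urlopen(url) as resp:  # assumes the host is reachable from here
        joined = {}
        for name in ("X-Frame-Options", "Content-Security-Policy"):
            found = resp.headers.get_all(name)
            if found:
                joined[name] = ", ".join(found)
    return frame_protection(joined)


# Constructed sample header sets: before the fix, after the fix, and a misconfigured append.
SAMPLES = {
    "before": {"Content-Type": "text/html"},
    "after": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "conflict": {"X-Frame-Options": "DENY, SAMEORIGIN"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, frame_protection(hdrs))
```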