Closed
Description
The script-server was tested with one penetration testing utility and there was one alarm:
Web Application Potentially Vulnerable to Clickjacking
This should be investigated and protected if needed.
Possible solution:
Return the X-Frame-Options or Content-Security-Policy (with the 'frame-ancestors' directive)
HTTP header with the page's response. This prevents the page's content from being rendered
by another site when using the frame or iframe HTML tags.
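
A header check for the finding above, as an added example that is not part of the original issue or the project's code: it classifies a response's anti-framing headers and covers the cases a scanner alarm usually hides (obsolete `ALLOW-FROM`, report-only CSP, a wildcard `frame-ancestors` overriding `X-Frame-Options`). The function names and sample headers are constructed for illustration.

```python
# Added example: function names and sample headers are constructed for illustration.
WILDCARDS = {"*", "http:", "https:"}  # sources that let any site frame the page

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP header value, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_protection(headers):
    """Classify anti-framing headers. headers: list of (name, value) tuples.
    Returns (protected, reason)."""
    # Only the enforcing header counts; Content-Security-Policy-Report-Only does not block.
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = {t.strip().upper() for n, v in headers
           if n.lower() == "x-frame-options" for t in v.split(",")}
    # Empty or missing directives are skipped (treated as absent, conservatively).
    lists = [s for s in map(frame_ancestors, csp) if s]
    # All enforced policies must pass, so one restrictive policy is enough.
    if any(not WILDCARDS & set(s) for s in lists):
        return True, "csp frame-ancestors"
    if lists:
        # The directive is present but open. Browsers that support
        # frame-ancestors ignore X-Frame-Options when it is present.
        return False, "frame-ancestors allows any origin"
    if xfo & {"DENY", "SAMEORIGIN"}:
        return True, "x-frame-options"
    if xfo:
        # e.g. ALLOW-FROM, which current browsers do not honour
        return False, "unsupported x-frame-options value"
    return False, "no anti-framing header"

def protect(headers):
    """Return a copy of headers with both protections for a same-origin-only UI."""
    return list(headers) + [
        ("X-Frame-Options", "SAMEORIGIN"),
        ("Content-Security-Policy", "frame-ancestors 'self'"),
    ]

# Constructed sample responses
BARE = [("Content-Type", "text/html")]
ALLOW_FROM = [("X-Frame-Options", "ALLOW-FROM https://example.com")]
REPORT_ONLY = [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")]
OPEN_CSP = [("Content-Security-Policy", "default-src 'self'; frame-ancestors *"),
            ("X-Frame-Options", "DENY")]

if __name__ == "__main__":
    for sample in (BARE, ALLOW_FROM, REPORT_ONLY, OPEN_CSP, protect(BARE)):
        print(framing_protection(sample))
```

Sending both headers, as `protect` does, covers browsers that only understand `X-Frame-Options` as well as those that prefer `frame-ancestors`.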