2020-08-20 19:17:46 +00:00
|
|
|
id: missing-x-frame-options
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Clickjacking (Missing XFO header)
|
|
|
|
author: kurohost
|
|
|
|
severity: low
|
2021-08-11 08:00:45 +00:00
|
|
|
tags: misc,generic
|
2020-08-20 19:17:46 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}"
|
|
|
|
|
|
|
|
redirects: true
|
|
|
|
max-redirects: 2
|
|
|
|
matchers:
|
|
|
|
- type: dsl
|
|
|
|
dsl:
|
2021-08-11 08:00:45 +00:00
|
|
|
- "!contains(tolower(all_headers), 'x-frame-options')"
|