id: missing-x-frame-options info: name: Clickjacking (Missing XFO header) author: kurohost severity: low tags: misc,generic requests: - method: GET path: - "{{BaseURL}}" redirects: true max-redirects: 2 matchers: - type: dsl dsl: - "!contains(tolower(all_headers), 'x-frame-options')"