21 lines
505 B
YAML
21 lines
505 B
YAML
id: missing-x-frame-options
|
|
|
|
info:
|
|
name: Clickjacking (Missing XFO header)
|
|
author: kurohost
|
|
severity: low
|
|
|
|
# This is an valid issue "only" when you able to frame authenticated page with poc to make state changing actions.
|
|
# Without working poc, do not report this.
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
redirects: true
|
|
max-redirects: 2
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "!contains(tolower(all_headers), 'x-frame-options')" |