SAP Knowledge Base Article - Preview

3433420 - Automated Scans Doesn’t Return Values of X-Frame-Options for Cloud for Customer

Symptom

The server did not return an X-Frame-Options header with the value DENY or SAMEORIGIN, which means that the system could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header indicates whether a browser is allowed to render a page inside a frame or iframe.
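
The check behind such a scan finding, as an added example that is not part of the SAP article: it reads a raw HTTP response head and classifies the X-Frame-Options header against the two values named above. The function names, the result labels and the sample responses are constructed for illustration.

```python
# Added example: classify X-Frame-Options in a raw HTTP response head.
ACCEPTED = {"DENY", "SAMEORIGIN"}  # the two values named in the Symptom text


def xfo_values(raw_head: str) -> list:
    """Return every X-Frame-Options value found in the response head."""
    values = []
    for line in raw_head.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                            # blank line ends the headers
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; the header may also repeat.
        if sep and name.strip().lower() == "x-frame-options":
            # One header line may carry a comma-separated list of values.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values


def assess(raw_head: str) -> str:
    """Labels are this example's own: missing, invalid, conflicting, ok."""
    values = xfo_values(raw_head)
    if not values:
        return "missing"        # what the scan in this article reports
    if any(v not in ACCEPTED for v in values):
        return "invalid"        # present, but not DENY or SAMEORIGIN
    if len(set(values)) > 1:
        return "conflicting"    # DENY and SAMEORIGIN sent together
    return "ok"


# Constructed sample responses (not captured from any SAP system).
SAMPLES = {
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "sameorigin": "HTTP/1.1 200 OK\r\nx-frame-options: sameorigin\r\n\r\n",
    "allow_from": "HTTP/1.1 200 OK\r\n"
                  "X-Frame-Options: ALLOW-FROM https://example.invalid\r\n\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                "X-Frame-Options: SAMEORIGIN\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(f"{label}: {assess(head)}")
```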



Environment

SAP - Cloud for Customer

Product

SAP Cloud for Customer core applications 2311

Keywords

Security, X-Frame-Options, Automated, Scans, Iframe, Cloud for Customer, Clickjacking, attack, Deny, Sameorigin, KBA, LOD-CRM-SEC, Security Topics, How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
