TWA 0208

TWA-0208

Message

"X-Frame-Options missing"

Explanation

It is recommended that you use the X-Frame-Options header on pages which should not be allowed to render a page in a frame. It thereby provides clickjacking protection to your site users by not allowing rendering of a page in a frame. With a clickjacking attack the attacker can hijack the clicks meant for the original server and sends them to an other server.

Modern websites should not be vulnerable to this classic web attack.

Remediation

The X-Frame-Options header is easy to implement and only requires a slight web server configuration change. For more information about implementation see the documentation on MDN.

Home
Codes
TWA-00YY
- TWA-0001
TWA-01YY
TWA-02YY
- TWA-0201
- TWA-0202
- TWA-0203
- TWA-0204
- TWA-0205
- TWA-0206
- TWA-0207
- TWA-0208
- TWA-0209
- TWA-0210
- TWA-0211
- TWA-0212
- TWA-0213
- TWA-0214
- TWA-0215
- TWA-0216
- TWA-0217
- TWA-0218
- TWA-0219
- TWA-0220
- TWA-0221
- TWA-0222
- TWA-0223
- TWA-0224
- TWA-0225
- TWA-0226
- TWA-0227
- TWA-0228
- TWA-0229
- TWA-0230
TWA-03YY
TWA-04YY
- TWA-0401
- TWA-0402
- TWA-0403
- TWA-0404
- TWA-0405
- TWA-0406
- TWA-0407
- TWA-0408
- TWA-0409
- TWA-0410
TWA-05YY
- TWA-0501
- TWA-0502
- TWA-0503
- TWA-0504
TWA-06YY
- TWA-0601
- TWA-0602
- TWA-0603
- TWA-0604
TWA-07YY
- TWA-0701
TWA-08YY
- TWA-0801
- TWA-0802
- TWA-0803
- TWA-0804
- TWA-0805
- TWA-0806
- TWA-0807
- TWA-0808
- TWA-0809
- TWA-0810
TWA-09YY
- TWA-0901

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TWA 0208

TWA-0208

Message

Explanation

Remediation

Clone this wiki locally