
Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header


Velpula Siva Prasad

Question

In one of our recent Tenable (Nessus) scans of Citrix XenServer 7.1 LTSR CU2, the vulnerabilities below are reported for ports 80 and 443.

Plugin Names:

Web Server Directory Enumeration

Web Server Uses Basic Authentication Without HTTPS (suggested solution: Make sure that HTTP authentication is transmitted over HTTPS.)

Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header (suggested solution: Set a non-permissive Content-Security-Policy frame-ancestors header for all requested resources.)

Missing or Permissive X-Frame-Options HTTP Response Header (suggested solution: Set a properly configured X-Frame-Options header for all requested resources.)

 

How to fix them? Please check if someone can help me.

 

Thanks

Siva


0 answers to this question
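A way to re-check the two framing-header findings from the question against a server's response headers, as an added example that is not part of the original post and is not Nessus's own detection logic. The rule for what counts as "permissive" (wildcards, scheme-only sources, X-Frame-Options values other than DENY or SAMEORIGIN) and the sample headers are assumptions constructed for illustration.

```python
# Added example: classify framing-protection response headers.
# The "permissive" rules below are assumptions, not the scanner's exact checks.

def frame_ancestors_sources(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]  # first occurrence wins
    return None

def is_permissive_source(src):
    # Assumption: any-host wildcards and bare schemes ("https:") are permissive.
    return src in ("*", "http://*", "https://*") or src.endswith(":")

def check_framing_headers(headers):
    """headers: dict of response header name -> value. Returns a list of findings."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    sources = frame_ancestors_sources(h.get("content-security-policy", ""))
    if sources is None:
        findings.append("CSP frame-ancestors: missing")
    elif not sources or any(is_permissive_source(s) for s in sources):
        findings.append("CSP frame-ancestors: permissive or empty (%s)" % " ".join(sources))
    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options: missing")
    elif xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options: not DENY or SAMEORIGIN (%s)" % xfo)
    return findings

# Constructed sample responses (not captured from a real XenServer host).
SAMPLES = {
    "missing": {"Server": "example"},
    "permissive": {"Content-Security-Policy": "default-src 'self'; frame-ancestors *",
                   "X-Frame-Options": "ALLOWALL"},
    "strict": {"Content-Security-Policy": "frame-ancestors 'self'",
               "X-Frame-Options": "SAMEORIGIN"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, check_framing_headers(hdrs) or "ok")
```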
