Lack of Security Headers

Disclosed by
F_Robot
  • Program: 20 Minuten
  • Disclosed date: over 2 years ago
  • Priority: P5 (Bugcrowd's VRT priority rating)
  • Status: Informational (this vulnerability is seen as an accepted business risk)
Summary by F_Robot

X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks

Report details
  • Submitted

  • Target Location

    https://videoplayer.20min.ch
  • Target category

    Web App

  • VRT

    Server Security Misconfiguration > Lack of Security Headers > X-Frame-Options
  • Priority

    P5
  • Bug URL
    https://screenplayer.20min.ch/de/category/1?key=064189e2a35455d82f5c7fc7e49dd9ee&theme=dark
  • Description

    X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks
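
A defender-side check for the finding reported above, as an added example that is not part of the original report or of Bugcrowd's tooling: it classifies a response's framing protection from its headers. It goes beyond the report by also honouring the CSP frame-ancestors directive, which takes precedence over X-Frame-Options in current browsers; the function names and the sample header sets are constructed for illustration.

```python
# Added example: classify anti-framing (clickjacking) protection from response headers.
# Function names and SAMPLES are constructed for illustration, not taken from the report.
VALID_XFO = {"deny", "sameorigin"}  # ALLOW-FROM is obsolete and ignored by current browsers

def frame_ancestors_lists(csp_values):
    """Return one source list per enforced CSP header that sets frame-ancestors."""
    found = []
    for value in csp_values:
        for directive in value.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                found.append([t.lower() for t in tokens[1:]])
                break  # within one policy only the first occurrence of a directive counts
    return found

def framing_protection(headers):
    """headers: list of (name, value) pairs as received, duplicates preserved."""
    xfo, csp = set(), []
    for name, value in headers:
        if name.lower() == "x-frame-options":
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
        elif name.lower() == "content-security-policy":  # Report-Only is not enforced
            csp.append(value)
    lists = frame_ancestors_lists(csp)
    if lists:
        # Every enforced policy must allow the embedder, so one restrictive list is enough.
        if any("*" not in sources for sources in lists):
            return ("protected", "CSP frame-ancestors restricts embedding")
        return ("misconfigured", "CSP frame-ancestors allows any origin")
    if not xfo:
        return ("missing", "no X-Frame-Options and no CSP frame-ancestors")
    if len(xfo) > 1 or not xfo <= VALID_XFO:
        return ("misconfigured", "X-Frame-Options value(s): " + ", ".join(sorted(xfo)))
    return ("protected", "X-Frame-Options " + next(iter(xfo)))

SAMPLES = {  # constructed header sets
    "no_headers": [("Content-Type", "text/html")],
    "xfo_sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "xfo_allow_from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "xfo_conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "csp_none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "csp_wildcard": [("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```

A "missing" result corresponds to the condition this report describes; "misconfigured" flags header values that are present but should be reviewed.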
