Open JennaySDavis opened 11 months ago
The following WebApp Scan finding was from the decommissioned SPCS; this finding is not valid with the new SPCS.
We are waiting on Tri and the security team to remove this issue from the POAM before closing the ticket.
The Missing X-Frame-Options Header is set by cloud.gov unless we are overriding it through the application. I confirmed that we are not overriding that response value in any of our applications. Documentation can be found [here](https://cloud.gov/docs/management/headers/).

Security-related HTTP headers | cloud.gov: By default, cloud.gov sets several security-related HTTP headers if your application does not: X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Pr...
This issue has been resolved and is no longer listed on the June Vulnerability Scan.
Issue Level: Low
First Discovered: 10/12/2018
Remediation Date: 2/9/2019