Open JennaySDavis opened 5 months ago
The Missing X-Frame-Options Header is set by cloud.gov unless we are overriding it through the application. I confirmed that we are not overriding that response value in any of our applications. Documentation can be found [here](https://cloud.gov/docs/management/headers/).

> Security-related HTTP headers | cloud.gov: By default, cloud.gov sets several security-related HTTP headers if your application does not: X-Frame-Options: DENY, X-Content-Type-Options: nosniff, X-XSS-Pr...
This issue has been resolved and is no longer listed on the June Vulnerability Scan.
Reported Date: 1/17/2024
Remediated By Date: 4/10/2024
URL: - https://889.smartpay.gsa.gov/ - January 2024
https://drive.google.com/open?id=1f89Hl93XRq07ThhxMvkd-VpiNSJfg47D&usp=drive_copy Report Name: Production - https:/smartpay-899.smartpay.gsa.gov/
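
One way to confirm the behaviour described in this issue from a captured response (for example the output of `curl -sI`), as an added example that is not code from the issue or from cloud.gov. The header dumps, function names and finding labels are constructed for illustration; the check also reports a CSP `frame-ancestors` directive, which goes slightly beyond the single header the issue tracks.

```python
from email.parser import Parser

VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete and ignored by modern browsers

def parse_headers(raw: str):
    """Parse a raw response header dump, skipping the HTTP status line."""
    lines = raw.strip().splitlines()
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]
    return Parser().parsestr("\n".join(lines) + "\n\n", headersonly=True)

def frame_ancestors(msg):
    """Return the frame-ancestors source list from any CSP header, or None."""
    for csp in msg.get_all("Content-Security-Policy", []):
        for directive in csp.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None

def audit(raw: str) -> str:
    """Classify the anti-framing posture of one response."""
    msg = parse_headers(raw)
    # A response may carry several X-Frame-Options headers or a comma-joined value.
    xfo = {v.strip().upper()
           for h in msg.get_all("X-Frame-Options", [])
           for v in h.split(",") if v.strip()}
    if not xfo:
        return "csp-only" if frame_ancestors(msg) is not None else "missing"
    if not xfo <= VALID_XFO:
        return "invalid"       # e.g. an application override with an unsupported value
    return "ok" if len(xfo) == 1 else "conflicting"

# Constructed sample responses (not captured from any real site).
PLATFORM_DEFAULT = ("HTTP/2 200\nContent-Type: text/html\n"
                    "X-Frame-Options: DENY\nX-Content-Type-Options: nosniff\n")
APP_OVERRIDE = "HTTP/1.1 200 OK\nX-Frame-Options: ALLOW-FROM https://example.gov\n"
DUPLICATED = "HTTP/1.1 200 OK\nX-Frame-Options: DENY\nX-Frame-Options: SAMEORIGIN\n"
NO_HEADER = "HTTP/1.1 200 OK\nContent-Type: text/html\n"
CSP_ONLY = ("HTTP/1.1 200 OK\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\n")

if __name__ == "__main__":
    for name in ("PLATFORM_DEFAULT", "APP_OVERRIDE", "DUPLICATED", "NO_HEADER", "CSP_ONLY"):
        print(f"{name:17} {audit(globals()[name])}")
```

A result of `invalid` or `conflicting` points at the application (or an intermediate proxy) setting the header itself, which is the override case the issue rules out.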