Missing X-Frame Options Header - prod.app.cloud

[JennaySDavis]

Report Name: Production - https://smartpay-899-prod.app.cloud.gov/ - January 2024 https://drive.google.com/drive/folders/1BHO0cG7YaMluNvYFI2oJFtElKmlNIzjB

[JennaySDavis]

The Missing X-Frame-Options Header is set by cloud.gov unless we are overriding it through the application. I confirmed that we are not overriding that response value in any of our applications. Documentation can be found [here (https://cloud.gov/docs/management/headers/). cloud.govcloud.gov Security-related HTTP headers | cloud.gov By default, cloud.gov sets several security-related HTTP headers if your application does not: X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Pr...

This issue has been resolved and is no longer listed on the June Vulnerability Scan.