GSA / smartpay-website

SmartPay website
https://federalist-ab31a10d-375d-4040-9324-1ae94e8a36b9.sites.pages.cloud.gov/site/gsa/smartpay-website/

Missing X-Frame-Options Header #427

Open JennaySDavis opened 9 months ago

JennaySDavis commented 9 months ago

Report Name: Production - https://smartpay.gsa.gov/ - January 2024 https://drive.google.com/drive/folders/1BHO0cG7YaMluNvYFI2oJFtElKmlNIzjB

JennaySDavis commented 4 months ago

The Missing X-Frame-Options Header is set by cloud.gov unless we are overriding it through the application. I confirmed that we are not overriding that response value in any of our applications. Documentation can be found [here](https://cloud.gov/docs/management/headers/).

> Security-related HTTP headers | cloud.gov
> By default, cloud.gov sets several security-related HTTP headers if your application does not: X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Pr...

This issue has been resolved and is no longer listed on the June Vulnerability Scan.
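The comment above relies on two things a practitioner would normally verify rather than infer: that the platform default (`X-Frame-Options: DENY`, per the cloud.gov documentation quoted) actually reaches the browser, and that nothing in the application stack replaces it with a weaker value. The script below is an added example and is not part of the smartpay-website repository or of cloud.gov's tooling. It evaluates a response's clickjacking defences the way a scanner would, honouring the rule that a `Content-Security-Policy` `frame-ancestors` directive takes precedence over `X-Frame-Options` when both are present. The sample header sets are constructed here to illustrate the cases; the only live-network helper, `fetch_headers`, is an assumption about how one would point the check at a deployed site and is not run by the offline demo.

```python
"""Offline check for clickjacking protection headers (added example, not project code)."""
import http.client
import sys
from urllib.parse import urlparse


def frame_protection(headers):
    """Decide whether a response forbids framing by untrusted pages.

    headers: iterable of (name, value) pairs, e.g. http.client's getheaders().
    Returns (protected: bool, detail: str).
    """
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value.strip())

    # CSP frame-ancestors, when present, supersedes X-Frame-Options in browsers,
    # so it is evaluated first and X-Frame-Options is ignored if it is found.
    for csp in by_name.get("content-security-policy", []):
        for directive in csp.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = parts[1:]
                if not sources or "*" in sources:
                    return False, "CSP frame-ancestors permits any origin: %s" % directive.strip()
                return True, "CSP frame-ancestors restricts embedding: %s" % directive.strip()

    xfo = by_name.get("x-frame-options", [])
    if not xfo:
        return False, "no X-Frame-Options and no CSP frame-ancestors"
    values = {v.upper() for v in xfo}
    if len(values) > 1:
        # Conservative: flag duplicates for cleanup instead of relying on browser tie-breaking.
        return False, "conflicting X-Frame-Options values: %s" % sorted(values)
    value = values.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options: %s" % value
    # ALLOW-FROM and unrecognised tokens are not honoured by current browsers.
    return False, "X-Frame-Options value %r is not honoured by current browsers" % value


def fetch_headers(url, timeout=10):
    """Fetch response headers from a live URL (network; not used by the offline demo)."""
    u = urlparse(url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(u.netloc, timeout=timeout)
    try:
        conn.request("GET", u.path or "/", headers={"User-Agent": "xfo-check/0.1"})
        return conn.getresponse().getheaders()
    finally:
        conn.close()


# Constructed sample responses (not captured from smartpay.gsa.gov).
SAMPLES = {
    # Platform default as described in the cloud.gov docs quoted in the thread.
    "platform default": [("X-Frame-Options", "DENY"), ("X-Content-Type-Options", "nosniff")],
    # Application override with a value modern browsers ignore.
    "allow-from override": [("X-Frame-Options", "ALLOW-FROM https://example.org")],
    # No framing protection at all: what the January scan reported.
    "stripped": [("Content-Type", "text/html; charset=utf-8")],
    # CSP alternative that also satisfies the check.
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    # CSP that silently undoes a DENY because frame-ancestors wins.
    "csp wildcard": [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")],
}


def check_samples():
    """Run frame_protection over the constructed samples; returns {name: protected}."""
    return {name: frame_protection(hdrs)[0] for name, hdrs in SAMPLES.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        ok, why = frame_protection(fetch_headers(sys.argv[1]))
        print("%s: %s" % ("PROTECTED" if ok else "MISSING", why))
    else:
        for name, hdrs in SAMPLES.items():
            ok, why = frame_protection(hdrs)
            print("%-20s %-9s %s" % (name, "PROTECTED" if ok else "MISSING", why))
```

Run without arguments to see the constructed cases; pass a URL to check a deployed site (the request goes through the full edge, so an override anywhere between the platform proxy and the application shows up as a missing or weakened header). The "csp wildcard" case is the one worth remembering when auditing an override: a permissive `frame-ancestors` added for some embedding use case cancels the platform's `DENY` even though the header is still present.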