Lucy-Family-Institute / presqt

Tools and RESTful Services to Improve Preservation and Re-use of Research Data & Software.
Apache License 2.0

X-Frame-Options set Multiple Times #690

Open reclans opened 3 years ago

reclans commented 3 years ago

ZAP observed that the X-Frame-Options Header was set multiple times (at least twice) in the response content of several URIs (please see the ZAP report for details). Although not a confidentiality or integrity issue, it is possible for redundant header entries to cause a malfunction in some web browsers, possibly disabling the click-jacking protection afforded by the X-Frame-Options header element. It is recommended that only one X-Frame-Options Header entry be employed by appropriate webserver configuration changes.

ZAP report is here: https://baldin.crc.nd.edu/CRC-Restricted/ScanResults/PresQT/2020/PresQT_QA_ZAP_Scan.html. You may need to be on campus or use VPN to follow the link.
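One way to re-check a response for the finding described above, as an added example that is not part of the issue or of the PresQT code base. The function names and sample responses are constructed for illustration, and the input is assumed to be a raw header block that starts with the status line, as printed by `curl -sI`.

```python
"""Audit a raw HTTP response header block for repeated X-Frame-Options entries."""


def xfo_values(raw_headers: str) -> list[str]:
    """Return every X-Frame-Options value in order, upper-cased.

    Header names are case-insensitive, and an intermediary may fold repeated
    headers into one comma-separated line, so both forms are counted.
    """
    values = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    return values


def audit_xfo(raw_headers: str) -> str:
    """Classify the response: missing, single, duplicate-same, duplicate-conflicting."""
    values = xfo_values(raw_headers)
    if not values:
        return "missing"
    if len(values) == 1:
        return "single"
    return "duplicate-same" if len(set(values)) == 1 else "duplicate-conflicting"


# Constructed sample responses (not taken from the ZAP report).
SAMPLE_CONFLICT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-Frame-Options: DENY\r\n"
    "x-frame-options: SAMEORIGIN\r\n"
    "\r\n"
)
SAMPLE_FOLDED = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n"
SAMPLE_SINGLE = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n\r\n"
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in [("conflict", SAMPLE_CONFLICT), ("folded", SAMPLE_FOLDED),
                       ("single", SAMPLE_SINGLE), ("missing", SAMPLE_MISSING)]:
        print(f"{label}: {audit_xfo(raw)} {xfo_values(raw)}")
```

Any result other than `single` means the response needs attention; both `duplicate-*` results correspond to the condition reported in this issue.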