Closed aUsABuisnessman closed 8 months ago
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP Headers. Ensure one of them is set on all web pages returned by your site/app. If you expect the page to be framed only by pages on your server, then you'll want to use SAMEORIGIN; otherwise, if you never expect the page to be framed, you should use DENY. Alternatively, consider implementing the Content-Security-Policy "frame-ancestors" directive.
OWASP_2021_A05 https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
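The report above boils down to a check a defender can run against any response: is there an X-Frame-Options header with DENY or SAMEORIGIN, or a Content-Security-Policy frame-ancestors directive that restricts framing? The script below is an added example written for this thread; it is not code from webcompat.com, from the reporter, or from the site named in the report. The header samples are constructed, and the function names (`assess_frame_protection`, `recommended_headers`) are this example's own. It encodes two details the one-line advice glosses over: when both headers are present, browsers honour frame-ancestors and ignore X-Frame-Options, and the obsolete `ALLOW-FROM` form of X-Frame-Options is not supported by current browsers, so it must not be counted as protection.

```python
"""Assess whether an HTTP response carries clickjacking protection.

Added example for the webcompat report; not part of the original page.
All sample headers below are constructed, not captured from any site.
"""
from typing import Dict, List, Optional, Tuple

Header = Tuple[str, str]

# Constructed sample responses (not captured from a real server).
SAMPLE_UNPROTECTED: List[Header] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Cache-Control", "no-store"),
]
SAMPLE_PROTECTED: List[Header] = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'"),
    ("X-Frame-Options", "SAMEORIGIN"),
]


def header_values(headers: List[Header], name: str) -> List[str]:
    """All values of a header, matched case-insensitively.

    A list of (name, value) pairs is used rather than a dict because a
    response may legitimately repeat a header (several CSP headers, say).
    """
    return [v.strip() for n, v in headers if n.lower() == name.lower()]


def frame_ancestors(csp_value: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list of one CSP value, or None
    when the directive is absent from that value."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_frame_protection(headers: List[Header]) -> Dict[str, object]:
    """Decide whether the response restricts framing and by which mechanism."""
    # 1. An enforcing Content-Security-Policy with frame-ancestors wins over
    #    X-Frame-Options. Content-Security-Policy-Report-Only only reports
    #    violations and never blocks framing, so it is deliberately ignored.
    for csp in header_values(headers, "Content-Security-Policy"):
        sources = frame_ancestors(csp)
        if sources is None:
            continue
        permissive = "*" in sources or any(s in ("http:", "https:") for s in sources)
        return {
            "protected": not permissive,
            "mechanism": "csp",
            "policy": " ".join(sources),
            "note": "frame-ancestors allows any origin" if permissive
                    else "frame-ancestors restricts framing",
        }

    # 2. Fall back to X-Frame-Options.
    values = {v.upper() for v in header_values(headers, "X-Frame-Options")}
    result: Dict[str, object] = {"protected": False, "mechanism": "xfo", "policy": ", ".join(sorted(values))}
    if not values:
        result.update(mechanism=None, note="neither X-Frame-Options nor a frame-ancestors directive is set")
    elif len(values) > 1:
        result.update(note="conflicting X-Frame-Options values; fix the configuration rather than rely on it")
    elif values == {"DENY"} or values == {"SAMEORIGIN"}:
        result.update(protected=True, note="X-Frame-Options restricts framing")
    elif next(iter(values)).startswith("ALLOW-FROM"):
        result.update(note="ALLOW-FROM is obsolete and not supported by current browsers; use frame-ancestors")
    else:
        result.update(note="unrecognised X-Frame-Options value")
    return result


def recommended_headers(allow_same_origin: bool) -> Dict[str, str]:
    """Headers matching the advice in the report: SAMEORIGIN / 'self' when your
    own pages frame this one, DENY / 'none' when nothing should. Sending both
    headers covers browsers that predate frame-ancestors support."""
    if allow_same_origin:
        return {"X-Frame-Options": "SAMEORIGIN",
                "Content-Security-Policy": "frame-ancestors 'self'"}
    return {"X-Frame-Options": "DENY",
            "Content-Security-Policy": "frame-ancestors 'none'"}


if __name__ == "__main__":
    for label, sample in (("unprotected", SAMPLE_UNPROTECTED), ("protected", SAMPLE_PROTECTED)):
        print(label, assess_frame_protection(sample))
    print("fix:", recommended_headers(allow_same_origin=False))
```

Running the script against a real site means feeding it the `(name, value)` pairs from the HTTP response (for example `list(response.headers.items())` from `urllib` or `requests`); the assessment covers the final HTML response only, so check the page after any redirects.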
We appreciate your report. Unfortunately, having insufficient details about the issue you submitted, we cannot help you with it. Please leave a comment with more details regarding the issue you are facing and steps to reproduce it, or file a new report with specific details and we will gladly investigate this further.
notes: The page is not secured on all browsers.
[qa_08/2024]
Unfortunately, being unable to reproduce the issue you are experiencing, we cannot help you with it. Please leave a comment with more details, or file a new report and we will gladly investigate this further. This will be closed as Incomplete.
[inv_09/2024]
URL: https://tatum.net
Browser / Version: Edge 121.0.0
Operating System: Windows 10
Tested Another Browser: Yes, Chrome
Problem type: Design is broken
Description: Items are overlapped
Steps to Reproduce: The response does not include either Content-Security-Policy with a 'frame-ancestors' directive or X-Frame-Options to protect against 'Clickjacking' attacks.
From webcompat.com with ❤️