Hello,
We are running vulnerability scan assignment and I've got a scan report today detecting a possible clickjacking vulnerability on our openfire web server application.
The following pages do not use an X-Frame-Options response header
http://openfireserveripaddress:7070/
http://openfireserveripaddress:9090/js/tooltips/
http://openfireserveripaddress:9090/js/jscalendar/
http://openfireserveripaddress:9090/login.jsp
http://openfireserveripaddress:9090/
http://openfireserveripaddress:9090/style/
http://openfireserveripaddress:9090/setup/
http://openfireserveripaddress:9090/js/
http://openfireserveripaddress:9090/images/
Is there any way to enable the X-Frame-Options for that pages?
Regards