HTTP Security Header Not Detected

Aleks
We ran a vulnerability scan and got this alert: HTTP Security Header Not Detected
Description: This QID reports the absence of the following HTTP headers according to CWE-693: Protection Mechanism Failure

How can we fix this issue?
We are running the application on IIS7.
Exec Consultant
Distinguished Expert 2018
Commented:
You can test to see whether the response has any of these, or a similar security header with "X":
X-Frame-Options:
X-XSS-Protection:
X-Content-Type-Options:
If there isn't, then the findings are not a false positive, and based on the web server you have, set the configuration as per https://geekflare.com/http-header-implementation/
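
For the IIS7 site in the question, the three headers listed in the answer above can be set for every response in the application's `web.config`. This is an added example, not part of the original thread; the header values are commonly used ones chosen here as assumptions, so adjust them to the application (for example, if it must be framed by another origin).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config at the root of the IIS site or application -->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- Remove before add so that a header already defined at server
             or parent-site level does not cause a duplicate-entry error. -->

        <!-- Only allow the site to be framed by pages of the same origin
             (assumed value; DENY forbids framing entirely). -->
        <remove name="X-Frame-Options" />
        <add name="X-Frame-Options" value="SAMEORIGIN" />

        <!-- Ask legacy browser XSS filters to block the page rather than
             try to sanitize it (assumed value). -->
        <remove name="X-XSS-Protection" />
        <add name="X-XSS-Protection" value="1; mode=block" />

        <!-- Stop browsers from MIME-sniffing a response away from its
             declared Content-Type. -->
        <remove name="X-Content-Type-Options" />
        <add name="X-Content-Type-Options" value="nosniff" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

After saving the file, request a page from the site and confirm the three headers appear in the response before re-running the scan.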
btan
Exec Consultant
Distinguished Expert 2018

Commented:
For author advice

Author

Commented:
Thx
