HTTP Security Header Not Detected

We ran a vulnerability scan and got this alert: HTTP Security Header Not Detected
Description: This QID reports the absence of the following HTTP headers according to CWE-693: Protection Mechanism Failure

How can we fix this issue?
We are running the application on IIS7.
Asked by Aleks

btan (Exec Consultant) commented:
You can test to see if the response has any of these, or a similar security header with "X":
X-Frame-Options:
X-XSS-Protection:
X-Content-Type-Options:
If there isn't, then the findings are not false positives, and based on the web server you have, set the configuration as per https://geekflare.com/http-header-implementation/
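
For the IIS7 case in the question, the sketch below audits a site's web.config for the three headers named above and adds the missing ones under `<customHeaders>`. It is an added example, not part of the answer or the linked guide; the header values and the sample config are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Headers named in the answer, with commonly used values (assumed, not from the page).
REQUIRED = {
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
}

# Constructed sample: a web.config that sets only one of the three headers.
BEFORE = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="x-frame-options" value="SAMEORIGIN" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

def missing_headers(web_config_xml):
    """Return the required header names not added under customHeaders.
    Only this file is checked; headers set in applicationHost.config or in
    application code are not seen, so confirm against the live response too."""
    root = ET.fromstring(web_config_xml)
    present = set()
    for el in root.findall("system.webServer/httpProtocol/customHeaders/*"):
        name = el.get("name", "").lower()  # header names are case-insensitive
        if el.tag == "add":
            present.add(name)
        elif el.tag == "remove":
            present.discard(name)
        elif el.tag == "clear":
            present.clear()
    return [h for h in REQUIRED if h.lower() not in present]

def add_missing(web_config_xml):
    """Return web.config text with an <add> element for each missing header."""
    root = ET.fromstring(web_config_xml)
    parent = root
    for tag in ("system.webServer", "httpProtocol", "customHeaders"):
        child = parent.find(tag)
        parent = child if child is not None else ET.SubElement(parent, tag)
    for name in missing_headers(web_config_xml):
        ET.SubElement(parent, "add", {"name": name, "value": REQUIRED[name]})
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("missing:", missing_headers(BEFORE))
    print(add_missing(BEFORE))
```
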

btan (Exec Consultant) commented:
For author advice

Aleks (Author) commented:
Thx
Question has a verified solution.
