X-Frame-Options Header Risk (scan from OWASP)


    • Type: Suggestion
    • Resolution: Won't Do
    • None
    • Component/s: None
    • None

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Jira Version: v7.0.2
      Tomcat 7

      We have used OWASP to scan the JIRA server and generate a report.
      The report shows some risks on JIRA, as below:
      1. X-Frame-Options Header Not Set
      2. Incomplete or No Cache-control and Pragma HTTP Header Set
      3. Cookie set without HttpOnly flag
      4. Web Browser XSS Protection Not Enabled
      5. Password Autocomplete in browser
      6. X-Content-Type-Options Header Missing

      How to solve this problem?
      Which JIRA version doesn't have this problem?

            Assignee:
            Unassigned
            Reporter:
            Eric Lin
            Votes:
            0
            Watchers:
            3

              Created:
              Updated:
              Resolved: