Arachni: Discussion 2016-02-10T10:39:52Z
X-Frame-Options test is a little bit excessive.

2016-02-10T09:59:14Z
<div><p>Seems Arachni only agrees when X-Frame-Options is set to
DENY.</p>
<p>To my mind it must only complain when X-Frame-Options is
missing or is set to 'ALLOW-FROM'<br>
and not warn us when the header is set to 'DENY' or 'SAMEORIGIN'</p></div>
sebastien.aucouturier

2016-02-10T10:05:24Z
<div><p>Judging from the code, it should only be logging it when
missing.<br>
If you could show me the logged headers or better yet send me the
AFR report (in private) that'd be very helpful.</p>
<p>Also, which version and OS are you using?</p>
<p>Cheers</p></div>
Tasos Laskos

2016-02-10T10:38:47Z
<div><p>Hi Tasos.</p>
<p>You're right, my analysis was bad.<br>
So I went deeper, and found that Arachni complains about a '404 Not
Found' page crawled where X-Frame-Options is missing.</p>
<p>Linux arachni-1.3.2-0.5.9</p></div>
sebastien.aucouturier

2016-02-10T10:39:48Z
<div><p>No problem.</p>
<p>Btw, better try the new version, you're one behind.</p>
<p>Cheers</p></div>Tasos Laskos
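
The situation worked out in this thread, as an added example that is not Arachni's code and not part of any post: a per-response X-Frame-Options classifier that applies the policy proposed in the first post and is run over constructed responses, including a 404 page served without the header. `Response`, `classify_xfo`, `xfo_findings` and the `app.example` URLs are assumptions made for illustration.

```ruby
# Added example, not Arachni code. All responses below are constructed samples.
Response = Struct.new(:url, :code, :headers)

# Case-insensitive header lookup; returns nil when the header is absent.
def header_value(headers, name)
  pair = headers.find { |k, _| k.to_s.casecmp?(name) }
  pair && pair[1].to_s.strip
end

# Classify one response under the policy suggested in the first post:
# :ok for DENY/SAMEORIGIN, :weak for ALLOW-FROM, :missing when absent,
# :invalid for anything that is not a single recognised value.
def classify_xfo(response)
  value = header_value(response.headers, 'X-Frame-Options')
  return :missing if value.nil? || value.empty?

  case value.upcase
  when 'DENY', 'SAMEORIGIN' then :ok
  when /\AALLOW-FROM(\s|\z)/ then :weak
  else :invalid
  end
end

# Return [url, status code, verdict] for every response that is not :ok.
# Error pages are checked like any other response, so a 404 without the
# header is reported even when every 200 page sets it.
def xfo_findings(responses)
  responses.map { |r| [r.url, r.code, classify_xfo(r)] }
           .reject { |_, _, verdict| verdict == :ok }
end

SAMPLE_RESPONSES = [
  Response.new('http://app.example/',        200, { 'X-Frame-Options' => 'DENY' }),
  Response.new('http://app.example/account', 200, { 'x-frame-options' => 'sameorigin' }),
  Response.new('http://app.example/widget',  200, { 'X-Frame-Options' => 'ALLOW-FROM http://partner.example' }),
  Response.new('http://app.example/nope',    404, { 'Content-Type' => 'text/html' }),
  Response.new('http://app.example/old',     200, { 'X-Frame-Options' => 'DENY, SAMEORIGIN' })
].freeze

xfo_findings(SAMPLE_RESPONSES).each do |url, code, verdict|
  puts "#{code} #{url}: X-Frame-Options #{verdict}"
end
```

Grouping the findings by status code is a quick way to see whether only error pages lack the header, which points at the server's error handler rather than the application.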