EDR: The Remote Web Server Does Not Utilize A Content Security Policy Frame-Response Header - Is This A Vulnerability?

Article ID: 291528

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

A Nessus vulnerability scan reports that the EDR web server does not utilize a Content Security Policy frame-response header. Is this a true vulnerability?

Environment

  • EDR Server: All Supported Versions

Resolution

This is not a vulnerability: the EDR web application serves the X-Frame-Options HTTP header. X-Frame-Options is the older way of accomplishing the same result as the CSP header, and it is the one that older browser versions understand.
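
To see which case a scanner finding like this falls into, the check below classifies a response's anti-framing headers. It is an added example, not Broadcom or Carbon Black code: the function names, verdict labels and sample header values are constructed for illustration, and it assumes the CSP directive the scanner looks for is frame-ancestors.

```python
# Added example (not vendor code): classify a response's anti-framing headers.
# The sample header sets below are constructed, not captured from an EDR server.

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP header value, or None."""
    for policy in csp_value.split(","):          # several policies may be comma-joined
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return [t.lower() for t in tokens[1:]]
    return None


def framing_protection(headers):
    """Classify headers as 'csp', 'xfo-only', 'permissive' or 'none'."""
    h = {name.lower(): value for name, value in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # When frame-ancestors is present, browsers use it instead of
        # X-Frame-Options; a wildcard or bare scheme lets any site frame the page.
        if any(s in ("*", "http:", "https:") for s in sources):
            return "permissive"
        return "csp"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo-only"   # legacy header only: the case this article describes
    return "none"           # absent, or a value (e.g. ALLOW-FROM) current browsers ignore


SAMPLES = {
    "legacy header only": {"X-Frame-Options": "SAMEORIGIN"},
    "csp and legacy": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
        "X-Frame-Options": "SAMEORIGIN",
    },
    "wildcard csp": {"Content-Security-Policy": "frame-ancestors *"},
    "unprotected": {"Server": "nginx"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label}: {framing_protection(hdrs)}")
```

A verdict of 'xfo-only' matches the situation in this article: the scanner reports the missing CSP directive while the legacy header is in place.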
