Home/Alerts/Alert detail/

Multiple X-Frame-Options Header Entries

Risk:
Medium

Type:
Passive

CWE:
CWE-1021

Summary: X-Frame-Options (XFO) headers were found, a response with multiple XFO header entries may not be predictably treated by all user-agents.

Solution: Ensure only a single X-Frame-Options header is present in the response.

References: https://tools.ietf.org/html/rfc7034

Top Security News

New NailaoLocker ransomware used against EU healthcare orgs

Black Basta ransomware gang's internal chat logs leak online

Windows Server 2025 released—here are the new features

SonicWall firewall bug leveraged in attacks after PoC exploit release

Chinese hackers abuse Microsoft APP-v tool to evade antivirus

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

SpyLend Android malware downloaded 100,000 times from Google Play

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Common Alerts

HighGeneric Padding Oracle

MediumVulnerable JS Library

HighExpression Language Injection

InformationalSec-Fetch-Mode Header is Missing

HighServer Side Code Injection - PHP Code Injection

LowInformation Disclosure - Sensitive Information in Browser sessionStorage

LowIn Page Banner Information Leak

MediumSub Resource Integrity Attribute Missing

InformationalCross Site Scripting (Persistent) - Spider

InformationalNon-Storable Content

Latest CVE List

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

CVE-2025-23209 Craft CMS Code Injection Vulnerability

CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability

CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability

CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability

CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

Common CWEs

CWE-525 Use of Web Browser Cache Containing Sensitive Information

MediumCWE-755 Improper Handling of Exceptional Conditions

CWE-331 Insufficient Entropy

CWE-344 Use of Invariant Value in Dynamically Changing Context

LowCWE-481 Assigning instead of Comparing

CWE-177 Improper Handling of URL Encoding (Hex Encoding)

CWE-1177 Use of Prohibited Code

CWE-1339 Insufficient Precision or Accuracy of a Real Number

CWE-1097 Persistent Storable Data Element without Associated Comparison Control Element

MediumCWE-170 Improper Null Termination

Free online web security scanner

Don't show website scan report rating on the leaderboard