how to set X-Frame-options and X-content type-options for html and javascript

Saran Raj

unread,

Dec 15, 2017, 7:16:24 AM12/15/17

to OWASP ZAP User Group

While running testing using ZAP tool we got the following alert

1. X-Frame - Options Header Not Set

2. Web Browser XSS Protection Not Enabled

3. X-Content-Type - Options Header Missing

can anyone suggest the solution.

kingthorin+owaspzap

unread,

Dec 15, 2017, 8:35:54 AM12/15/17

to OWASP ZAP User Group

Set them.....

What's the server/technology stack in question.

Saran Raj

unread,

Dec 15, 2017, 8:38:07 AM12/15/17

to zaprox...@googlegroups.com

Tomcat is our web server

Set them.....

What's the server/technology stack in question.

--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/ZRdN2w8rJd8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/49b42ee1-ccbc-4845-bbd2-ff5f2fe0fa23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

kingthorin+owaspzap

unread,

Dec 15, 2017, 4:38:35 PM12/15/17

to OWASP ZAP User Group

https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html

Saran Raj

unread,

Dec 18, 2017, 8:41:41 AM12/18/17

to OWASP ZAP User Group

Our problem is not resolved even after changing our filter mapping in web.xml

On Saturday, 16 December 2017 03:08:35 UTC+5:30, kingthorin+owaspzap wrote:

https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html

Reply all

Reply to author

Forward