We have used RiskRecon to look for vulnerabilities on the developer portals and API endpoints.
We have found that three headers are missing on the base path:
1. X-Frame-Options: DENY
2. X-Content-Type-Options: nosniff
3. X-XSS-Protection: 1; mode=block
This should be applied to
We are in a hurry since this was reported to us by an external auditor, the ticket has been open for 28 days, and we don't have a solution.
Needed By: Yesterday (Let's go already!)