We have found a vulnerability in our site.
- bypass X-Frame-Options (Proxy protection NOT used)
Proxy protection is NOT used, and the X-Frame-Options header can be bypassed to recreate clickjacking across the whole domain. Also, we don’t have reverse proxy protection, which allows attackers to proxy our website rather than iframe it.
Probably there is a need to implement CSP headers and set the X-Frame-Options header to DENY, but we are not sure how to do it.
Kindly advise what has to be done here.
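As an added example (not code from the original post), the following stdlib-only Python shows what "set X-Frame-Options to DENY plus a CSP" means in practice: one function applies both headers to a response header mapping, and a second one classifies a response's framing posture the way a supporting browser would, giving CSP `frame-ancestors` precedence over X-Frame-Options when both are present. The header dictionary shape and the function names are assumptions; the logic applies to any framework that exposes response headers.

```python
"""Added example (not from the original post): build and verify anti-framing
response headers. The dict-of-headers interface is an assumption."""


def add_frame_protection(headers: dict) -> dict:
    """Return a copy of `headers` with X-Frame-Options: DENY and a CSP
    frame-ancestors 'none' directive. An existing CSP is extended, not replaced."""
    out = dict(headers)
    out["X-Frame-Options"] = "DENY"
    existing = out.get("Content-Security-Policy")
    if not existing:
        out["Content-Security-Policy"] = "frame-ancestors 'none'"
    elif "frame-ancestors" not in existing.lower():
        out["Content-Security-Policy"] = existing.rstrip("; ") + "; frame-ancestors 'none'"
    return out


def _csp_frame_ancestors(csp: str):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def assess_frame_protection(headers: dict) -> str:
    """Classify a response as 'blocked', 'same-origin', 'allowlist' or 'open'.

    Header names are matched case-insensitively. Browsers that support CSP
    frame-ancestors use it and ignore X-Frame-Options, so CSP is checked first."""
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = _csp_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors == ["'none'"]:
            return "blocked"
        if ancestors == ["'self'"]:
            return "same-origin"
        return "allowlist"  # framing permitted only from the listed origins
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Missing header, or the obsolete ALLOW-FROM form, which current browsers ignore.
    return "open"


if __name__ == "__main__":
    print(assess_frame_protection(add_frame_protection({"Content-Security-Policy": "default-src 'self'"})))
```

Neither header stops a third party from proxying the site's content rather than framing it; that part of the question is not addressed by framing controls.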