https://community.hpe.com/t5/other-hpe-product-questions/need-to-support-cross-frame-scripting-11293-problem/m-p/7091959#M4333 <P>Thank you&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="UserName lia-user-name lia-user-rank-Community-Manager lia-component-message-view-widget-author-username"><A href="https://community.hpe.com/t5/user/viewprofilepage/user-id/1181977" target="_self"><SPAN class="">Parvez_AL</SPAN></A><SPAN>&nbsp;</SPAN></SPAN></P><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV> Wed, 17 Jun 2020 02:11:41 GMT Trung107 2020-06-17T02:11:41Z https://community.hpe.com/t5/other-hpe-product-questions/need-to-support-cross-frame-scripting-11293-problem/m-p/7091717#M4331 <P>Hi Bro,</P><P>I'm used WebInspect, and it&nbsp;<SPAN>detects my website has&nbsp;Cross-Frame Scripting Problem (Cross-Frame Scripting ( 11293 )).&nbsp;</SPAN>But even my response header has X-Frame-Options &amp; Content-Security-Policy: frame-ancestors setting,</P><P>WebInspect still&nbsp;<SPAN>detects the same problem.&nbsp; You can see the report file that contains the issue&nbsp; <SPAN class="fontstyle0">Cross-Frame Scripting ( 11293 ) here&nbsp;</SPAN>&nbsp;<A title="Report file" href="https://drive.google.com/file/d/1Bf-MY80YI8_usmCb-gtjNL6VY_h6pol6/view?usp=sharing" target="_blank" rel="noopener">report file</A>&nbsp;</SPAN></P><P><SPAN>Please help me resolve that.<BR />Is any way to resolve it? So I think that was obviously false positives.</SPAN></P><P><SPAN>Scan information:&nbsp;</SPAN></P><P><SPAN>- Policy: Standard</SPAN></P><P><SPAN>- Scan Version: 20.1.0.199</SPAN></P><P><SPAN>- Scan Type: Site<BR /></SPAN></P><P><SPAN>Issue:</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">High Issues Cross-Frame Scripting ( 11293 ) View Description CWE: 1021 Kingdom: Security Features Page: https://10.1.33.17:443/</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><DIV>&nbsp;</DIV><DIV>Request:</DIV><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">GET / HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/58.0 Host: 10.1.33.17 Connection: Keep-Alive X-WIPP: AscVersion=20.1.0.199 X-Scan-Memo: Category="Crawl";SID="2CF765E6D8D95CDB61F57141B17462A6";SessionType="Externa lAddedToCrawl";CrawlType="None";AttackType="None";OriginatingEngineID="00000 000-0000-0000-0000-000000000000";tid="109";tt="31"; X-RequestManager-Memo: sid="67";smi="0";sc="1";ID="3dad46cc"; X-Request-Memo: ID="86fc50f6";sc="1";tid="106"; Cookie: CustomCookie=WebInspect148724ZXE9B2988179734CA6A2CF0DC556B11AD3YFD5F R</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><DIV>&nbsp;</DIV><DIV>Response:</DIV><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">HTTP/1.1 200 OK Cache-Control: no-cache, no-store,private, max-age=3600, must-revalidate Pragma: no-cache Content-Type: text/html; charset=utf-8 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Length: 15548 Set-Cookie: .AspNetCore.Antiforgery.c_12tiZU3jA=CfDJ8N8w1XEX_wxJuzUyQXra96u2ltEear86diCa FvrnuzWHPfeugmNneN297MliJ_8aNt27154edOJ0vrV6k1VD6Sj1ue0z1rOTZaDql9YznwdzsVqFbUOj5Vfyf O8zXcVKpp1IoDnnVudgolF8rVQbLA; path=/; samesite=strict; httponly Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://10.1.33.17:443/Resources/; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Mon, 15 Jun 2020 08:34:10 GMT</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV> Tue, 16 Jun 2020 11:32:10 GMT https://community.hpe.com/t5/other-hpe-product-questions/need-to-support-cross-frame-scripting-11293-problem/m-p/7091717#M4331 Trung107 2020-06-16T11:32:10Z https://community.hpe.com/t5/other-hpe-product-questions/need-to-support-cross-frame-scripting-11293-problem/m-p/7091748#M4332 <P><SPAN>Hi,</SPAN></P> <P><SPAN>Webinspect is part of a different company named " Micro Focus " . So you will need to repost your question to the Micro Focus Community at&nbsp;</SPAN><A href="https://community.softwaregrp.com/" target="_blank" rel="nofollow noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer noopener noreferrer">https://community.softwaregrp.com/</A><SPAN>&nbsp;</SPAN></P> Tue, 16 Jun 2020 12:46:37 GMT https://community.hpe.com/t5/other-hpe-product-questions/need-to-support-cross-frame-scripting-11293-problem/m-p/7091748#M4332 Parvez_Admin 2020-06-16T12:46:37Z https://community.hpe.com/t5/other-hpe-product-questions/need-to-support-cross-frame-scripting-11293-problem/m-p/7091959#M4333 <P>Thank you&nbsp;<SPAN>&nbsp;</SPAN><SPAN class="UserName lia-user-name lia-user-rank-Community-Manager lia-component-message-view-widget-author-username"><A href="https://community.hpe.com/t5/user/viewprofilepage/user-id/1181977" target="_self"><SPAN class="">Parvez_AL</SPAN></A><SPAN>&nbsp;</SPAN></SPAN></P><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV> Wed, 17 Jun 2020 02:11:41 GMT https://community.hpe.com/t5/other-hpe-product-questions/need-to-support-cross-frame-scripting-11293-problem/m-p/7091959#M4333 Trung107 2020-06-17T02:11:41Z