Form + X-Frame-Options
This really isn't a question, more of an opinion/alert (or feature request). I recently had an Information Security Engineer from Maureen Data Systems (30-year partner to Microsoft) review a landing page I created for an upcoming cybersecurity conference MDS is putting on, and Steve's response was very positive about how Brizy is creating webpages; however, he did make a comment about the form that was being used:
There is one minor issue that is fairly easy to fix. There is a low likelihood of clickjacking that could be fixed by setting a response header X-Frame-Options to the value DENY.
I just wanted to make sure that Brizy developers were aware of this -- if in fact, it could lead to better security and prevent clickjacking.
-
Hi Daniel,
Thank you for sharing your feedback.
I have posted it in our internal support chat for review and consideration by our development team. We appreciate the time you took to provide this information and will take it into account for future enhancements to ensure better security.
If you have any further suggestions or feedback, please feel free to share them with us.
Best regards,
Ariel H.
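
One way to check a page for the anti-framing header mentioned in the original post, as an added example that is not part of the thread and not Brizy's code. It goes beyond the header named there by also reading the CSP `frame-ancestors` directive, which browsers that support it apply in preference to X-Frame-Options; the function names and verdict labels are assumptions made for this sketch.

```python
# Added example: classify a response's anti-framing (clickjacking) headers.
# Function names and verdict labels are hypothetical, chosen for this sketch.

def _csp_frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP header, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Return (verdict, reason) for a dict of response headers.

    verdict is "deny", "same-origin", "allow-list" or "unprotected".
    """
    h = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors takes precedence over X-Frame-Options in browsers
    # that support both, so evaluate it first.
    sources = _csp_frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        if sources in ([], ["'none'"]):
            return "deny", "CSP frame-ancestors 'none'"
        if sources == ["'self'"]:
            return "same-origin", "CSP frame-ancestors 'self'"
        if "*" in sources:
            return "unprotected", "CSP frame-ancestors allows any origin"
        return "allow-list", "CSP frame-ancestors " + " ".join(sources)

    xfo = h.get("x-frame-options")
    if xfo is None:
        return "unprotected", "no X-Frame-Options or frame-ancestors"
    # Duplicate headers are folded with commas; conflicting or unknown values
    # are treated as invalid here because browsers handle them inconsistently.
    values = {v.strip().upper() for v in xfo.split(",")}
    if values == {"DENY"}:
        return "deny", "X-Frame-Options: DENY"
    if values == {"SAMEORIGIN"}:
        return "same-origin", "X-Frame-Options: SAMEORIGIN"
    return "unprotected", "invalid or obsolete X-Frame-Options value: " + xfo
```

Pass it the response headers of the page that hosts the form; anything other than a "deny" or "same-origin" verdict means the page can still be framed by at least some other origins.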