[Nikto-discuss] Uncommon Header problem

csullo at gmail.com
Sat May 10 14:25:29 CDT 2014


I'm not near a computer to check this out, but that should be in the database of known headers. So either it's missing which is a mistake, or a bug is preventing a match.

However, you want to keep that header around unless you have a specific need for removing it (and even then, allowing specific hosts to frame). So don't try to get rid of it--leave it be!

I'll look at this later to figure out why it's not matching.

Regards,
Sullo

> On May 10, 2014, at 11:26 AM, eXile Out <outofexile at yandex.com> wrote:
> 
> Dear Friend,
> I have a security problem with my server (debian wheezy 7.4 with apache 2.2.22-deb7u on amd64 arch).
> When I scan the server with nikto, nikto tells me that it found an "Uncommon header" that I can't solve:
> -----------------------------------------------------------------------------------------------------------
> - Nikto v2.1.5
> -----------------------------------------------------------------------------------------------------------
> + Taget IP: 127.0.0.1
> -----------------------------------------------------------------------------------------------------------
> + Server: Apache/2.2.22
> + Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
> -----------------------------------------------------------------------------------------------------------
> 
> The default debian anti click-hijacking config is in the file:
> /etc/apache2/conf.d/security
> And contains this line:
> Header set X-Frame-Option: "sameorigin"
> 
> I tried commenting this line out and adding the protection manually, in the file:
> /etc/apache2/httpd.conf (created by me and included on apache2.conf file)
> With this line:
> Header always append X-Frame-Option SAMEORIGIN
> 
> But the message from Nikto persists.
> Can anyone help me?
> Thank you so much
> Regards
> OeX
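The thread turns on two things: a scanner's "uncommon header" report is only a lookup against a list of known header names, and X-Frame-Options is a header worth keeping and checking rather than removing. The following is an added example, not Nikto's code or anything from the original thread: it parses a constructed Apache-style response, matches header names case-insensitively against a constructed known-headers list (the scan printed the name in lowercase, and HTTP header names are case-insensitive), and validates the X-Frame-Options value, flagging the duplicate that a `Header set` plus `Header always append` pair would produce.

```python
import re

# Constructed known-headers list (an assumption, not Nikto's database).
# Names are stored lowercase so the lookup is case-insensitive.
KNOWN_HEADERS = {
    "date", "server", "content-type", "content-length", "connection",
    "x-frame-options", "x-content-type-options", "strict-transport-security",
}

# Values RFC 7034 defines for X-Frame-Options.
VALID_XFO = re.compile(r"^(DENY|SAMEORIGIN|ALLOW-FROM\s+\S+)$", re.IGNORECASE)

# Constructed response head, modelled on the Debian/Apache 2.2 setup in the thread.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sat, 10 May 2014 16:26:00 GMT\r\n"
    "Server: Apache/2.2.22 (Debian)\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Powered-By: Example\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)


def parse_headers(raw):
    """Parse a raw HTTP response head into (name, value) pairs (no obs-fold support)."""
    headers = []
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:
            break                           # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def uncommon_headers(headers):
    """Names absent from the known list; compared lowercase so 'x-frame-options' matches."""
    return [n for n, _ in headers if n.lower() not in KNOWN_HEADERS]


def check_frame_options(headers):
    """Classify X-Frame-Options as missing, duplicate, invalid or ok."""
    values = [v for n, v in headers if n.lower() == "x-frame-options"]
    if not values:
        return ("missing", None)
    if len(values) > 1:                     # RFC 7034 leaves multiple values undefined
        return ("duplicate", values)
    if not VALID_XFO.match(values[0]):
        return ("invalid", values[0])
    return ("ok", values[0].upper())
```

Run against the sample, `uncommon_headers` reports only `X-Powered-By`, and `check_frame_options` returns `("ok", "SAMEORIGIN")`; feed it a live response head and the same checks apply.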


More information about the Nikto-discuss mailing list