[Nikto-discuss] Uncommon Header problem

eXile Out outofexile at yandex.com
Sat May 10 10:26:00 CDT 2014


Dear Friend,
I have a security problem with my server (Debian wheezy 7.4 with Apache 2.2.22-deb7u on amd64 arch).
When I scan the server with Nikto, Nikto tells me that it found an "Uncommon header" that I can't solve:
-----------------------------------------------------------------------------------------------------------
- Nikto v2.1.5
-----------------------------------------------------------------------------------------------------------
+ Taget IP: 127.0.0.1
-----------------------------------------------------------------------------------------------------------
+ Server: Apache/2.2.22
+ Uncommon header 'x-frame-options' found, with contents: SAMEORIGIN
-----------------------------------------------------------------------------------------------------------

The default Debian anti-click-hijacking config is in the file:
/etc/apache2/conf.d/security
And contains this line:
Header set X-Frame-Option: "sameorigin"

I tried to comment out this line and add the protection manually, in the file:
/etc/apache2/httpd.conf (created by me and included in the apache2.conf file)
With this line:
Header always append X-Frame-Option SAMEORIGIN

But the message in Nikto persists.
Can anyone help me?
Thank you so much
Regards
OeX
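
A way to check what the server actually sends, independent of the scanner's wording, as an added example that is not part of the original post: this Python sketch parses a raw response head and classifies the X-Frame-Options header it finds. The function names and the three sample responses are constructed for illustration.

```python
# Added example: classify the anti-clickjacking header in a raw HTTP response head.
# The sample responses below are constructed, not captured from the poster's server.
ALLOWED = ("DENY", "SAMEORIGIN")  # RFC 7034 also defines "ALLOW-FROM <origin>"

def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw HTTP response head."""
    headers = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def check_xfo(raw):
    """Return (status, detail) for the X-Frame-Options header(s) in raw."""
    headers = parse_headers(raw)
    values = [v for n, v in headers if n == "x-frame-options"]
    if not values:
        # Report near-miss names, e.g. a header configured without the final "s".
        return ("missing", sorted({n for n, _ in headers if n.startswith("x-frame")}))
    # A header sent twice, or built with "append", can carry several directives.
    directives = sorted({d.strip().upper() for v in values
                         for d in v.split(",") if d.strip()})
    if len(directives) != 1:
        return ("conflict" if directives else "invalid", directives)
    d = directives[0]
    if d in ALLOWED or d.startswith("ALLOW-FROM "):
        return ("ok", directives)
    return ("invalid", directives)

# Constructed sample: the header name and value as shown in the Nikto output above.
SAMPLE_AS_REPORTED = ("HTTP/1.1 200 OK\r\nServer: Apache/2.2.22\r\n"
                      "x-frame-options: SAMEORIGIN\r\n\r\n")
# Constructed sample: the header name as written in the quoted config lines.
SAMPLE_WRONG_NAME = ("HTTP/1.1 200 OK\r\nServer: Apache/2.2.22\r\n"
                     "X-Frame-Option: SAMEORIGIN\r\n\r\n")
# Constructed sample: two config locations each emitting a different directive.
SAMPLE_TWO_VALUES = ("HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                     "X-Frame-Options: sameorigin\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("as reported", SAMPLE_AS_REPORTED),
                       ("wrong name", SAMPLE_WRONG_NAME),
                       ("two values", SAMPLE_TWO_VALUES)):
        print(label, check_xfo(raw))
```

To run it against a live server, feed it the response head saved from a request to that server instead of the constructed samples.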

