I'm doing some pen testing against WE (standalone) and got some results. Would like some feedback.
WE standalone Vulnerability assessment using some pen testing tools.
X-Frame-Options header is not included in the HTTP response to protect against ‘ClickJacking’ attacks.
The cache-control and pragma HTTP headers have not been set properly or are missing, allowing the browser and proxies to cache content.
Web Browser XSS Protection is not enabled, or is disabled by the configuration of the ‘X-XSS-Protection’ HTTP response header on the web server.
Seems to be only these three items; Clickjacking seems to be the highest priority. Is there a way we can protect against these?
Dave
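
To re-check the three findings listed in the post after a header change, the following added example (not part of the original post and not code from the product being tested) audits a raw response header block. The sample responses are constructed, and the pass criteria (`DENY`/`SAMEORIGIN` or a CSP `frame-ancestors` directive, `no-store` plus `Pragma: no-cache`, and `X-XSS-Protection` starting with `1`) are assumptions about what the scanner accepts.

```python
from email.parser import Parser

# Constructed sample responses (not captured from any real server).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-XSS-Protection: 0\r\n"
    "\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Cache-Control: no-cache, no-store, must-revalidate\r\n"
    "Pragma: no-cache\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Drop the status line and parse the header block (names are case-insensitive)."""
    _, _, rest = raw.partition("\r\n")
    return Parser().parsestr(rest, headersonly=True)

def audit(raw):
    """Return which of the three findings from the post still apply to this response."""
    h = parse_headers(raw)
    findings = []

    # Finding 1: framing is unrestricted unless XFO or CSP frame-ancestors is set.
    xfo = (h.get("X-Frame-Options") or "").strip().upper()
    csp = (h.get("Content-Security-Policy") or "").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("clickjacking")

    # Finding 2: assumed criterion is Cache-Control: no-store plus Pragma: no-cache.
    cache = {d.strip().lower() for d in (h.get("Cache-Control") or "").split(",")}
    pragma = (h.get("Pragma") or "").strip().lower()
    if "no-store" not in cache or pragma != "no-cache":
        findings.append("caching")

    # Finding 3: header missing, or present but set to 0 (filter disabled).
    xss = (h.get("X-XSS-Protection") or "").replace(" ", "").lower()
    if not xss.startswith("1"):
        findings.append("xss-filter")
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```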