Hello everyone,

The vulnerability scanner has flagged the stats page as being vulnerable to 
clickjacking. I am trying to fix this, by publishing the stats on its own 
frontend and add a header:

frontend stats
 bind 10.11.12.13:9000
 stats enable
 stats uri /stats
 stats refresh 10s
 #rspadd X-Frame-Options:\ SAMEORIGIN
 http-response set-header X-Frame-Options sameorigin

Neither rspadd nor http-response work, as no header is being added to the 
response.

Any pointer into the right direction is much appreciated.

Thank you,
Cristian Grigoriu

Reply via email to