pflam
Posted February 28, 2023

Hi,

We have run the Invicti Vulnerability webscan against our website, and it reported that the HTTP headers "X-Frame-Options" and "X-XSS-Protection" are missing. We have added these headers already and tested that they work on our website. Then we noticed that the scan tool is calling some non-existent URI and our website returned an error page response as follows:

HTTP/1.1 400 Bad Request
Server: Microsoft-HTTPAPI/2.0
Connection: close
Content-Length: 324
Content-Type: text/html; charset=us-ascii
Date: Mon, 27 Feb 2023 14:32:12 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>

We are hosting the website using Microsoft IIS. We have set the error page for status code 400 to point to our custom page; however, it didn't open our custom page, as you can see above.

Does anyone have any idea?

Thanks.
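A check for the situation described in the post, as an added example that is not part of the original post: it parses a raw response, lists which of the two headers flagged by the scan are absent, and notes whether the Server banner is the one HTTP.sys puts on responses it generates before a request reaches IIS. The function names are illustrative, and the sample is the response quoted in the post with its body shortened.

```python
# Added example, not from the original post. The sample response is the one
# quoted in the post (body shortened); function names are illustrative.

REQUIRED_HEADERS = ("X-Frame-Options", "X-XSS-Protection")

# Server banner the Windows HTTP.sys driver puts on responses it generates
# itself, before a request is handed to the IIS pipeline.
HTTP_SYS_BANNER = "microsoft-httpapi"

SAMPLE_RESPONSE = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Server: Microsoft-HTTPAPI/2.0\r\n"
    "Connection: close\r\n"
    "Content-Length: 324\r\n"
    "Content-Type: text/html; charset=us-ascii\r\n"
    "Date: Mon, 27 Feb 2023 14:32:12 GMT\r\n"
    "\r\n"
    "<HTML>...</HTML>"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers dict)."""
    head, _, _body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status_code = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return status_code, headers


def audit(raw, required=REQUIRED_HEADERS):
    """Report missing headers and which layer appears to have answered."""
    status, headers = parse_response(raw)
    missing = [h for h in required if h.lower() not in headers]
    server = headers.get("server", "")
    return {
        "status": status,
        "server": server,
        "missing": missing,
        "answered_by_http_sys": server.lower().startswith(HTTP_SYS_BANNER),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE))
```

A 400 answered at the HTTP.sys layer does not pass through the IIS pipeline, so response headers and custom error pages configured in IIS are not applied to it.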