Hello everyone.
Yesterday, I received an email from a so-called ‘white-hat’ hacker.
He claimed that my website was vulnerable to clickjacking because it could be displayed in an iframe. He had found a bypass. The ‘reverse proxy protection’ was not correctly configured, and this made it possible.
I have checked the headers of my site and under ‘X-Frame-Options’ it clearly states ‘SAMEORIGIN’.
Also, an online test shows that ‘X-Frame-Options’ is properly set up on the server.
So? Is this a spam message?
Are these messages that you also receive? For me, this was the first time.
I didn’t click anywhere and threw the mail in the trash bin.
Looking forward to your responses.
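
The header check described in the post, applied to every path of a site instead of a single page, as an added example that is not part of the original post. It classifies each response by its `X-Frame-Options` and CSP `frame-ancestors` headers; the function names are hypothetical and the paths and header values in `SAMPLE` are constructed.

```python
PROTECTED = {"deny", "sameorigin", "allowlist"}

def framing_policy(headers):
    """Classify one response from its (name, value) header pairs."""
    xfo, ancestors = set(), None
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            xfo |= {v.strip().lower() for v in value.split(",") if v.strip()}
        elif key == "content-security-policy":
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    ancestors = [p.lower() for p in parts[1:]]
    if ancestors is not None:
        # CSP frame-ancestors takes precedence over X-Frame-Options.
        if ancestors in ([], ["'none'"]):
            return "deny"
        if ancestors == ["'self'"]:
            return "sameorigin"
        if any(src in ("*", "http:", "https:") for src in ancestors):
            return "unrestricted"
        return "allowlist"
    if not xfo:
        return "unrestricted"
    if xfo == {"deny"} or xfo == {"sameorigin"}:
        return xfo.pop()
    # ALLOW-FROM (obsolete), typos or conflicting values: flag for review.
    return "invalid"

def unprotected_paths(responses):
    """responses: {path: header list}. Returns the sorted paths that can
    still be framed or whose policy needs review."""
    return sorted(p for p, h in responses.items()
                  if framing_policy(h) not in PROTECTED)

# Constructed sample: headers per path, as a crawl of one site might record them.
SAMPLE = {
    "/": [("X-Frame-Options", "SAMEORIGIN")],
    "/login": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "/app/": [("Server", "example")],                  # header missing on this route
    "/legacy": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "/static/": [("X-Frame_Options", "SAMEORIGIN")],   # misspelled name is ignored
}

if __name__ == "__main__":
    for path in unprotected_paths(SAMPLE):
        print(path, framing_policy(SAMPLE[path]))
```

A header that is present on the home page says nothing about routes answered by a different backend or by the proxy itself, so the check is only meaningful when run per path.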