AuthEndpoint.HasFrameOptions

Authorization page has X-Frame-Options header

This test determines whether the authorization endpoint uses the X-Frame-Options header to avoid framing of the authorization page.

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 10.13 (may)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.2.2.6 (may)
• OAuth 2.0 Security Best Current Practice (SecBCP), section 4.15 (should)

Back to the test case overview or the threat overview