X-Frame-Options header ignored when duplicated

2012-07-17T00:00:00
ID MFSA2012-51
Type mozilla
Reporter Mozilla Foundation
Modified 2012-07-17T00:00:00

Description

Bugzilla developer Frédéric Buclin reported that the "X-Frame-Options header is ignored when the value is duplicated, for example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This duplication occurs for unknown reasons on some websites and when it occurs results in Mozilla browsers not being protected against possible clickjacking attacks on those pages