A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible exploits are servers being prone to clickjacking, channel downgrade attacks, and other similar client-based attack vectors.