Hello everyone, The vulnerability scanner has flagged the stats page as being vulnerable to clickjacking. I am trying to fix this, by publishing the stats on its own frontend and add a header:
frontend stats bind 10.11.12.13:9000 stats enable stats uri /stats stats refresh 10s #rspadd X-Frame-Options:\ SAMEORIGIN http-response set-header X-Frame-Options sameorigin Neither rspadd nor http-response work, as no header is being added to the response. Any pointer into the right direction is much appreciated. Thank you, Cristian Grigoriu
