Hello,

One of our applications is running on Tomcat, and the requests are being redirected by Apache to Tomcat. When we did a vulnerability scan for that application, we encountered a cross-site scripting vulnerability. To remediate this, I have added the below snippet to the httpd.conf file and did a fresh scan. But the vulnerability is still visible in the scan report. Can you advise me how to put in a fix for this?
The below lines are added in the httpd.conf file, and the Apache version is 2.2.11:

    Header always append X-Frame-Options SAMEORIGIN
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

Thanks,
Dwarak