This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

User talk:Riramar

Jump to: navigation, search

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann (talk) 07:53, 30 November 2015 (CST)

Hi Riramar, this is ADHTB. You're right about X-Frame-Options header directive ALLOWALL, it is defined almost nowhere. It was initially set up on some servers to make the directive invalid and thus allow the websites to be framed from any other origin. As a consequence Mozilla (and apparently Microsoft too) decided to make it "valid" (to remove warnings from console): My goal here was to mention that somehow, and in my own opinion, it is better to have an explicit value than an implicit default value. However as it is my own opinion, I won't blame you if you revert my change because you disagree (as it is right it is defined in no RFC or other "official" document) :).