X-Frame-Options
None
C
Coinbase
Submitted None
Team Summary
Official summary from Coinbase
Report noted that status.coinbase.com is embed-able due to its current X-Frame-Options. As there was not a demonstrated link susceptible to clickjacking, this was not a security issue, but notification of the lack of this header was considered Informative. Note: per our policy, reports for status.coinbase.com will not be eligible for bounty.
Actions:
Reported by
dark_heaven
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
UI Redressing (Clickjacking)