Hi, Jenkins is installed on windows server. Our web scans show three low findings .
1) cookie not marked as HttpOnly 2) [Possible] Cross-site Request Forgery 3) Missing X-frame-options header. Installed Missing X-frame plugin and the set the option as SAMEORIGIN but the scans still shows as low finding. For the other two , I'm not able to find any resolution in google search. Appreciate any inputs on this. Thanks in Advance. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/cdf27f70-6cdf-4d40-9177-4e6fcef1310bn%40googlegroups.com.
