Our site gets checked regularly by Security Metrics, enforced by the Bank, and we have just had our second fail with Opencart.
The first we think we've cleared up, just enforcing HTTPS. The second, however, is beyond our abilities I think.
This is what we have been notified of by them:
-------------------------------------------------------------------------------------------
Title
Web Application Potentially Vulnerable to Clickjacking
Synopsis
The remote web server may fail to mitigate a class of web application vulnerabilities.
Resolution
Return the X-Frame-Options or Content-Security-Policy (with the 'frame-ancestors' directive) HTTP header with the page's response. This prevents the page's content from being rendered by another site when using the frame or iframe HTML tags.
Data Received
The following pages do not use a clickjacking mitigation response header and contain a clickable event:
- https://serpro.co.uk/
- https://serpro.co.uk/blog
- https://serpro.co.uk/storage
----------------------------------------------------------------------------------
The "Storage" page is actually a product category not the "data" storage used by Opencart.
Does anyone know of a fix we could use? Don't want to go messing with the core of the coding unofficially as this fault seems to be an intrinsic part of the coding of Opencart, I'm not sure.
Anyway, any help on this would be gratefully received from the authors.
Regards
Adrian
Serpro Spill Management
www.serpro.co.uk
Opencart 3.0.03.9
Journal3
Order Number Manager
PDF Invoice Pro
Category Description By Multi Store
MASS products update: Stores
MultiStore Payment Methods
Price Update With Option Change
Product Description By Multi Store
Quick Admin Search By Mart Extensions
Ultimate Shipping
Nothing to do with core Opencart, it is a general website question related to your htaccess.
Every site is different, you can use the console and google to work it out for yourself or hire a professional to do it for you.
https://stackoverflow.com/questions/688 ... ns-headers
If you pay for decent hosting they can also be pretty helpful.
DISCLAIMER:
You should not modify core files. If you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
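One way to reproduce the scanner's check yourself, as an added example that is not code from this forum, from OpenCart or from Security Metrics: the function below inspects a page's response headers for X-Frame-Options or a Content-Security-Policy frame-ancestors directive, which is exactly what the report's Resolution asks for. The header sets for the three listed URLs are constructed samples, not what the live site returns.

```python
import urllib.request

# Constructed sample responses for the three pages the scanner listed
# (hypothetical header sets, NOT what serpro.co.uk actually returns).
SAMPLE_RESPONSES = {
    "https://serpro.co.uk/": {"Content-Type": "text/html"},
    "https://serpro.co.uk/blog": {"X-Frame-Options": "SAMEORIGIN"},
    "https://serpro.co.uk/storage": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"
    },
}

def clickjacking_protection(headers):
    """Return a short verdict describing which framing control, if any, the
    response headers provide. Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    # A CSP frame-ancestors directive overrides X-Frame-Options in modern
    # browsers, so check it first. Report-Only CSP never blocks anything and
    # is deliberately ignored here.
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return "csp frame-ancestors " + " ".join(parts[1:])
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "x-frame-options " + xfo
    if xfo:
        # ALLOW-FROM and any other value are ignored by current browsers,
        # so the page is effectively unprotected.
        return "unprotected (unsupported X-Frame-Options value)"
    return "unprotected"

def unprotected_pages(responses):
    """Given {url: headers}, list the URLs a scanner would flag."""
    return sorted(url for url, hdrs in responses.items()
                  if clickjacking_protection(hdrs).startswith("unprotected"))

def fetch_headers(url):
    """Live check (needs network): fetch a page and return its response headers."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return dict(resp.headers.items())

if __name__ == "__main__":
    for url in unprotected_pages(SAMPLE_RESPONSES):
        print("missing clickjacking header:", url)
```

Once the header is added (on Apache, a `Header always set X-Frame-Options "SAMEORIGIN"` line in .htaccess with mod_headers enabled), `fetch_headers` on each listed URL confirms every page, not just the home page, returns it.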
Try OpenCart instead of the Journal framework. Or contact the Journal support.
Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig