Information Info Vega has detected that the resource has not set the X-Frame-Options HTTP response header. This header allows the resource to specify its policy with regards to whether it may be included in frames in other domains as well as which domains are allowed. When the header has been set, this may help to mitigate clickjacking attacks against browsers that support this feature. If the header has not been set, the affected resource may be used in clickjacking attacks. Set the X-Frame-Options header to DENY, SAMEORIGIN, or ALLOW-FROM according to policy. OWASP Clickjacking OWASP Clickjacking Defense Cheat Sheet