HTTP Security Header Not Detected Vulnerability

Our vulnerability scanning tool, the absence of the following HTTP headers X-Frame-Options, X-XSS-Protection, X-Content-Type-Options has been reported. I want to know how we can rectify this? Is it fixed in the upgraded versions?
Version we use currently are as below:

Elasticsearch(ELK): 1.2.1
Logstash(ELK): 1.4.1
Kibana(ELK): 3.1.0

You should really, really, really upgrade. Those are all unsupported versions and have been for years - https://www.elastic.co/subscriptions/matrix

Yes @warkolm we are planning to upgrade but till the upgrade is complete we need to take an exception for the vulnerability and for that we need a confirmation if this issue still exists in the latest upgrade or not

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.