I use fortify scan. I have an aspx which adds value from the database to the response header. Fortify scan reports this as vulnerability under header manipulation section. To fix this, I tried to validate the value that i get it from the database with AntiXSS library and also i tried to white list the value with regex (just alphanumeric). But the scan still reports issue.
What is wrong with my fix.
