If a cross-site scripting attack is detected, Internet Explorer sanitizes the page and only shows a "#" as the default header.
X-XSS-Protection: 0
Disables XSS filtering.

X-XSS-Protection: 1
Enables XSS filtering (usually the default in browsers); if an attack is detected, the browser sanitizes the page.

X-XSS-Protection: 1; mode=block
Enables XSS filtering and prevents rendering of the page if an attack is detected.

X-XSS-Protection: 1; report=<reporting-uri>
Enables XSS filtering, sanitizes the page and reports the violation. This uses the functionality of the CSP report-uri directive to send the report.

In PHP

header("X-XSS-Protection: 1; mode=block");

By .htaccess

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
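As an added example (not part of the original post), the following Python parser turns the header values listed above into a structured policy and classifies a response's header set, so an audit script can flag a missing, disabled or misspelled setting rather than silently accepting it. The header dictionaries in the test section are constructed samples. One caveat: this header only steers legacy browser XSS filters, which mainstream browsers have since removed, so a Content-Security-Policy is what actually limits script injection today.

```python
"""Parse and assess X-XSS-Protection header values.

Added example, not code from the original post. Sample header sets
used when run directly are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass
class XssPolicy:
    enabled: bool            # False for "0", True for "1"
    mode: Optional[str]      # "block" when mode=block is present, else None
    report: Optional[str]    # reporting URI when report=... is present


def parse_xss_protection(value: str) -> XssPolicy:
    """Parse a header value such as '1; mode=block' or '1; report=/r'.

    Raises ValueError on anything outside the documented forms, so a
    typo like 'mode=blcok' is not mistaken for a valid blocking policy.
    """
    parts = [p.strip() for p in value.split(";")]
    head, params = parts[0], parts[1:]
    if head not in ("0", "1"):
        raise ValueError(f"unexpected leading token {head!r}")
    policy = XssPolicy(enabled=(head == "1"), mode=None, report=None)
    for param in params:
        if not param:
            continue
        name, sep, val = param.partition("=")
        name, val = name.strip().lower(), val.strip()
        if name == "mode":
            if val.lower() != "block":
                raise ValueError(f"unknown mode {val!r}")
            policy.mode = "block"
        elif name == "report":
            if not sep or not val:
                raise ValueError("report= requires a URI")
            policy.report = val
        else:
            raise ValueError(f"unknown parameter {name!r}")
    if not policy.enabled and (policy.mode or policy.report):
        raise ValueError("mode/report are meaningless with filtering disabled")
    return policy


def assess_headers(headers: Mapping[str, str]) -> str:
    """Classify a response's headers as 'missing', 'disabled',
    'sanitize', 'block' or 'malformed'. Lookup is case-insensitive
    because HTTP header names are."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-xss-protection")
    if raw is None:
        return "missing"
    try:
        policy = parse_xss_protection(raw)
    except ValueError:
        return "malformed"
    if not policy.enabled:
        return "disabled"
    return "block" if policy.mode == "block" else "sanitize"


if __name__ == "__main__":
    # Constructed sample header sets, one per documented setting.
    samples = {
        "no header": {"Content-Type": "text/html"},
        "disabled": {"X-XSS-Protection": "0"},
        "sanitize": {"X-XSS-Protection": "1"},
        "block": {"X-XSS-Protection": "1; mode=block"},
        "typo": {"X-XSS-Protection": "1; mode=blcok"},
    }
    for label, hdrs in samples.items():
        print(f"{label:10s} -> {assess_headers(hdrs)}")
```

Run it directly to see each constructed sample classified; in an audit you would feed it the header dictionary from an HTTP client response instead.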
Controlling the XSS Filter (Microsoft)
X-XSS-Protection (MDN)