You probably want to read some good information on XSS such as:
https://owasp.org/www-community/attacks/xss/
Jim
On 7/19/2021 5:27 AM, Jim Albert wrote:
X-XSS-Protection is just an HTTPD response header that instructs the
browsers that respect the header to not make a request from the content
of the page that appears to be an XSS attack.
Based on the page below, I don't think X-XSS-Protection offers much.
https://developer.mozilla.org/en-US/docs
Hi,
Thanks for your email.
Is it possible for the server to filter XSS attacks in browser-to-server
requests (with header X-XSS-Protection: "1; mode=block")? If that is the
case, kindly provide the steps for the same.
Regards
Thejas
On Fri, 16 Jul 2021 at 12:50, James Smith wrote:
> Y
You can add:
Header always set X-XSS-Protection "1; mode=block"
which will help – but for the rest you need to look at the way you code your pages.
Then you can look at
(1) defensive code
(2) Content-Security-Policy header
(3) Specific rules in Apache to mitigate attacks
Remembering that XSS is of
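The header directive from the message above, shown next to list items (2) and (3), as an added Apache configuration example that is not part of the original thread. It assumes mod_headers and mod_rewrite are enabled; the policy value and the rewrite pattern are sample values to adapt per site, not settings taken from the posters.

```apache
# Added example, not from the thread. Place in the server or vhost config.

<IfModule mod_headers.c>
    # Directive quoted in the thread. "always" also sets it on error
    # responses. It only asks the browser's own XSS filter to block a page;
    # current Chrome, Firefox and Edge have no such filter and ignore it,
    # and it does nothing to the request on the server side.
    Header always set X-XSS-Protection "1; mode=block"

    # (2) Content-Security-Policy: the browser refuses scripts that do not
    # come from the listed sources. Sample policy (assumption): same-origin
    # scripts only, no plugins, no <base> rewriting. Inline <script> blocks
    # and on* attributes stop working under this policy, so move them to
    # files first.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"

    # To trial a policy without breaking pages, send it in report-only mode
    # instead and watch the browser console for violations:
    # Header always set Content-Security-Policy-Report-Only "default-src 'self'"

    # Stops browsers from sniffing an uploaded file into a script type.
    Header always set X-Content-Type-Options "nosniff"
</IfModule>

<IfModule mod_rewrite.c>
    # (3) A coarse server-side rule: answer 403 when the raw query string
    # contains a script tag. QUERY_STRING is not URL-decoded, so the encoded
    # forms %3C and %3E are matched as well. This catches only the obvious
    # reflected case; it does not see POST bodies or other encodings, so it
    # supplements output encoding in the application (1) and does not
    # replace it.
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
    RewriteRule ^ - [F]
</IfModule>
```

After reloading Apache, `curl -sI` against a page on the site shows whether the three response headers are being sent.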