发表新帖
发表新帖

how to set Http header X-XSS-Protection

后端 未结
关注
6 1038
暖寄归人
暖寄归人 2020-12-13 19:16

I have tried to put this:

in the tag but have had n

6条回答
  • 情话喂你
    情话喂你 (楼主)
    2020-12-13 19:34

    I doubt it'd work as just a meta tag. You may have to tell your web server to send it as a real header.

    In PHP, you'd do it like

    header("X-XSS-Protection: 0");

    In ASP.net:

    Response.AppendHeader("X-XSS-Protection","0")

    In Apache's config:

    Header set  X-XSS-Protection  0

    In IIS, there's a section in the properties for extra headers. It often has "X-Powered-By: ASP.NET" already set up in it; you'd just add "X-XSS-Protection: 0" to that same place.

    0 讨论(0)
 看不清?
提交回复
热议问题