Rule from http under security category
Some browsers have an anti-XSS filter which protects against certain classes of cross-site scripting attacks. This HTTP header configures that built-in protection. The recommended value:
X-XSS-Protection: 1; mode=block
1 turns the filter on, and
mode=block ensures that the browser blocks the page from rendering instead of trying to sanitize it.
Although you may set HTTP headers in your application code, it is often simpler to configure the web server to set them.
# nginx
add_header X-XSS-Protection "1; mode=block";

# apache
<IfModule mod_headers.c>
    Header set X-XSS-Protection: "1; mode=block"
</IfModule>
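To confirm that the header reaches clients with the recommended value, the following added example (not part of the original rule; the function name and verdict labels are assumptions) audits a raw header value, including the case where both the application and the web server set it.

```python
# Added example: audit an X-XSS-Protection value against the
# recommended "1; mode=block". audit_xss_protection and its verdict
# labels are hypothetical names, not part of any tool.

def audit_xss_protection(raw):
    """Return (verdict, detail) for a raw header value (None if absent)."""
    if raw is None or not raw.strip():
        return ("missing", "header not set")
    # When the application and the web server both set the header, HTTP
    # clients fold the copies into one comma-separated value.
    # Assumption: no report URI containing a comma is in use.
    if "," in raw:
        return ("duplicate", "header appears to be set more than once")
    parts = [p.strip().lower() for p in raw.split(";")]
    flag, directives = parts[0], parts[1:]
    if flag == "0":
        return ("disabled", "filter explicitly turned off")
    if flag != "1":
        return ("invalid", "first token must be 0 or 1")
    params = {}
    for directive in directives:
        if not directive:
            continue  # tolerate a trailing ';'
        name, _, value = directive.partition("=")
        params[name.strip()] = value.strip()
    if params.get("mode") == "block":
        return ("ok", "filter on, page blocked on detection")
    return ("weak", "filter on, but sanitizes instead of blocking")


if __name__ == "__main__":
    # Constructed sample values, not captured from real sites.
    samples = [
        None,
        "1; mode=block",
        "1",
        "0",
        "1; mode=block, 1; mode=block",
        "block",
    ]
    for value in samples:
        verdict, detail = audit_xss_protection(value)
        print(f"{value!r:35} {verdict:10} {detail}")
```

Pass it the value your HTTP client reports for the response header, or `None` when the header is absent.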