XSS-Vulnerability/EN/Solution Tips: Unterschied zwischen den Versionen
| (3 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | If it was reported, that your website is probably not sufficiently protected from [https://en.wikipedia.org/wiki/Cross-site_scripting XSS attacks]: | ||
| + | |||
1; mode=block | 1; mode=block | ||
'''Code example of an .htaccess file on an Apache webserver.''' | '''Code example of an .htaccess file on an Apache webserver.''' | ||
| − | |||
# Turn on XSS prevention tools, activated by default in IE and Chrome | # Turn on XSS prevention tools, activated by default in IE and Chrome | ||
'''Header set X-XSS-Protection "1; mode=block"''' | '''Header set X-XSS-Protection "1; mode=block"''' | ||
| − | |||
| − | |||
| − | Here is an example of an .htaccess file which will set the ''' | + | Here is an example of an .htaccess file which will set the '''Header Scanner''' to green. |
| − | ([[Htaccess|.htaccess example | + | ([[Htaccess/EN|.htaccess example]]) |
Aktuelle Version vom 4. April 2019, 12:15 Uhr
If it was reported, that your website is probably not sufficiently protected from XSS attacks:
1; mode=block
Code example of an .htaccess file on an Apache webserver.
# Turn on XSS prevention tools, activated by default in IE and Chrome Header set X-XSS-Protection "1; mode=block"
Here is an example of an .htaccess file which will set the Header Scanner to green. (.htaccess example)
