I have tried to put this:
<meta http-equiv="X-XSS-Protection" content="0">
in the
<head> tag but have had no luck. I am trying to get rid of pesky IE preventing cross-site scripting
asked Jan 8 '11 at 18:01
I doubt it'd work as just a meta tag. You may have to tell your web server to send it as a real header.
In PHP, you'd do it like
In Apache's config:
Header set X-XSS-Protection 0
In IIS, there's a section in the properties for extra headers. It often has "X-Powered-By: ASP.NET" already set up in it; you'd just add "X-XSS-Protection: 0" to that same place.
If you are using .Net MVC you can configure it through customHeaders in Web.Config.
To add these headers, go to the httpProtocol node and add those headers inside the customHeaders node.
<httpProtocol>
  <customHeaders>
    <remove name="X-Powered-By" />
    <add name="X-XSS-Protection" value="1; mode=block" />
  </customHeaders>
</httpProtocol>
I highly recommend this link, which explains how you can configure secure IIS response headers in ASP.NET MVC: http://insiderattack.blogspot.com/2014/04/configuring-secure-iis-response-headers.html
In Apache, you need to edit the config file, this file could be:
In the file you can add these lines at the end to enable HTTP Header XSS Protection:
<IfModule mod_headers.c>
  Header set X-XSS-Protection: "1; mode=block"
</IfModule>
If mod_headers is external to the main Apache core (not compiled into Apache), then you would use .so rather than .c - i.e.
After that, save changes, and restart apache with:
sudo service apache2 restart
sudo service httpd restart
Hope this helps! :)
ASP Classic, this tag will do it:
<% Response.AddHeader "X-XSS-Protection", "1" %>
In some cases, if you use .htaccess, you will need to use double quotes:
Header set x-xss-protection "1; mode=block"
# Turn on IE8-IE9 XSS prevention tools
Header set X-XSS-Protection "1; mode=block"
This header is exclusive to Internet Explorer 8 and 9. It turns on cross-site scripting protection in IE 8 and IE 9, which is turned off by default as it could potentially break some websites. To turn on the XSS filter, use the header X-XSS-Protection "1; mode=block". If you wish to prevent this filter from being turned on for your website, set the header's value to "0".
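To check which of the configurations above actually took effect, the following added example (not code from any of the answers) classifies a raw HTTP response by whether X-XSS-Protection arrives as a real response header, only as a meta tag in the markup, or not at all, and parses the "0" / "1; mode=block" values the answers use. The function names and the sample responses are assumptions constructed for illustration.

```python
import email
from html.parser import HTMLParser

HEADER = "x-xss-protection"

# Constructed sample responses (not captured from a real server)
META_ONLY = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             '<html><head><meta http-equiv="X-XSS-Protection" content="0">'
             "</head></html>")
REAL_HEADER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               "x-xss-protection: 1; mode=block\r\n\r\n<html></html>")

class _MetaFinder(HTMLParser):
    """Collects content values of <meta http-equiv="X-XSS-Protection">."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == HEADER:
            self.values.append(a.get("content", ""))

def parse_value(value):
    """Split a value such as '1; mode=block' into (enabled, mode)."""
    parts = [p.strip().lower() for p in value.split(";")]
    mode = None
    for p in parts[1:]:
        if p.startswith("mode="):
            mode = p[len("mode="):]
    return parts[0] == "1", mode

def audit(raw_response):
    """Return (source, enabled, mode) for a raw HTTP/1.1 response string."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _status, _, header_block = head.partition("\r\n")
    value = email.message_from_string(header_block).get(HEADER)  # case-insensitive
    if value is not None:
        return ("header",) + parse_value(value)
    finder = _MetaFinder()
    finder.feed(body)
    if finder.values:
        # Present only in markup: the first answer doubts this is honored.
        return ("meta-only",) + parse_value(finder.values[0])
    return ("absent", None, None)

if __name__ == "__main__":
    print(audit(META_ONLY), audit(REAL_HEADER))
```

A "meta-only" result means the server configuration (Apache, IIS, PHP or ASP) is not emitting the header and only the page markup carries it.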