如何设置 Http 标头 X-XSS-Protection [英] how to set Http header X-XSS-Protection

问题描述

我试着把这个:

   <meta http-equiv="X-XSS-Protection" content="0">

在 <head> 标记中，但没有运气.我正在尝试摆脱讨厌的 IE，防止跨站点脚本

in the <head> tag but have had no luck. I am trying to get rid of pesky IE preventing cross-site scirpting

推荐答案

我怀疑它只是一个元标记.您可能必须告诉您的网络服务器将其作为真正的标头发送.

I doubt it'd work as just a meta tag. You may have to tell your web server to send it as a real header.

在 PHP 中，你会这样做

In PHP, you'd do it like

header("X-XSS-Protection: 0");

在 ASP.net 中:

In ASP.net:

Response.AppendHeader("X-XSS-Protection","0")

在 Apache 的配置中:

In Apache's config:

Header set  X-XSS-Protection  0

在 IIS 中，属性中有一个部分用于额外的标头.它通常已经设置了X-Powered-By:ASP.NET"；您只需将X-XSS-Protection: 0"添加到同一个地方.

In IIS, there's a section in the properties for extra headers. It often has "X-Powered-By: ASP.NET" already set up in it; you'd just add "X-XSS-Protection: 0" to that same place.

这篇关于如何设置 Http 标头 X-XSS-Protection的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！