如何设置 Http 标头 X-XSS-Protection [英] how to set Http header X-XSS-Protection
本文介绍了如何设置 Http 标头 X-XSS-Protection的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试着把这个:
<meta http-equiv="X-XSS-Protection" content="0">
在 <head>
标记中,但没有运气.我正在尝试摆脱讨厌的 IE,防止跨站点脚本
in the <head>
tag but have had no luck. I am trying to get rid of pesky IE preventing cross-site scirpting
推荐答案
我怀疑它只是一个元标记.您可能必须告诉您的网络服务器将其作为真正的标头发送.
I doubt it'd work as just a meta tag. You may have to tell your web server to send it as a real header.
在 PHP 中,你会这样做
In PHP, you'd do it like
header("X-XSS-Protection: 0");
在 ASP.net 中:
In ASP.net:
Response.AppendHeader("X-XSS-Protection","0")
在 Apache 的配置中:
In Apache's config:
Header set X-XSS-Protection 0
在 IIS 中,属性中有一个部分用于额外的标头.它通常已经设置了X-Powered-By:ASP.NET";您只需将X-XSS-Protection: 0"添加到同一个地方.
In IIS, there's a section in the properties for extra headers. It often has "X-Powered-By: ASP.NET" already set up in it; you'd just add "X-XSS-Protection: 0" to that same place.
这篇关于如何设置 Http 标头 X-XSS-Protection的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文