What is the http-header "X-XSS-Protection"?


Question

So I've been toying around with HTTP for fun in telnet now (i.e. just typing in "telnet google.com 80" and putting in random GETs and POSTs with different headers and the like) but I've come across something that google.com transmits in its headers that I don't know.

I've been looking through http://www.w3.org/Protocols/rfc2616/rfc2616.html and have found no definition for this particular http-header that google seems to be spouting out:

GET / HTTP/1.1

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2012 03:42:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=6ddbc0a0342e7e63:FF=0:TM=1328067744:LM=1328067744:S=4d4farvCGl5Ww0C3; expires=Fri, 31-Jan-2014 03:42:24 GMT; path=/; domain=.google.com
Set-Cookie: NID=56=PgRwCKa8EltKnHS5clbFuhwyWsd3cPXiV1-iXzgyKsiy5RKXEKbg89gWWpjzYZjLPWTKrCWhOUhdInOlYU56LOb2W7XpC7uBnKAjMbxQSBw1UIprzw2BFK5dnaY7PRji; expires=Thu, 02-Aug-2012 03:42:24 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked

1000

Anyone know what "X-XSS-Protection" is?

Recommended answer

X-XSS-Protection is an HTTP header understood by Internet Explorer 8 (and newer versions). This header lets domains toggle on and off the "XSS Filter" of IE8, which prevents some categories of XSS attacks. IE8 has the filter activated by default, but servers can switch it off by setting

   X-XSS-Protection: 0

See also http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx
