Preventing X-XSS-Protection header missing, X-Content-Type-Options etc - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc (/showthread.php?tid=68471)

Preventing X-XSS-Protection header missing, X-Content-Type-Options etc - june123 - 07-14-2017

How can issues such as X-XSS-Protection header missing, X-Content-Type-Options missing etc. be prevented in CodeIgniter?
I have used the following code in header.php:

Code:
<?php

RE: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc - june123 - 07-16-2017

Can someone please give some suggestions. It can be done at server side but how to enforce it from client?

RE: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc - Martin7483 - 07-17-2017

You can't enforce anything that comes from the client. That's why you must never trust data coming from a request, as it can be manipulated.

RE: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc - Narf - 07-17-2017

XSS is an attack on the client ... Browsers have no interest in ignoring these headers.

RE: Preventing X-XSS-Protection header missing, X-Content-Type-Options etc - Paradinight - 07-17-2017

(07-16-2017, 07:58 PM)june123 Wrote:
Can someone please give some suggestions. It can be done at server side but how to enforce it from client?

https://www.codeigniter.com/user_guide/libraries/output.html
https://github.com/bcit-ci/codeigniter-website/blob/develop/application/core/MY_Controller.php#L20
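
Added example, not part of any post above and not the code from the linked repository: one way to send the two headers named in the thread from a base controller through the Output library the last reply links to. It assumes CodeIgniter 3 with the default `MY_` subclass prefix; the header values and the `$security_headers` property name are choices made for this example.

```php
<?php
// application/core/MY_Controller.php
// Added example (assumes CodeIgniter 3); not the project's own file.
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    // The two headers named in the thread. Values are common settings
    // chosen for this example; extend the list as the scanner report requires.
    protected $security_headers = array(
        'X-Content-Type-Options' => 'nosniff',
        'X-XSS-Protection'       => '1; mode=block',
    );

    public function __construct()
    {
        parent::__construct();

        foreach ($this->security_headers as $name => $value)
        {
            // Refuse CR/LF so a bad config value cannot split the header line.
            if (preg_match('/[\r\n]/', $name.$value))
            {
                log_message('error', 'Skipped malformed security header: '.$name);
                continue;
            }

            // set_header() queues the header; the Output class sends it
            // together with the buffered response body.
            $this->output->set_header($name.': '.$value);
        }
    }
}
```

Controllers that extend `MY_Controller` instead of `CI_Controller` inherit the headers. A controller that echoes directly and calls `exit` before the Output class finishes will not send headers queued this way, so verify against a real response (for example in the browser's network tab).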