Preventing X-XSS-Protection header missing, X-Content-Type-Options etc
#1

How can issues such as X-XSS-Protection header missing, X-Content-Type-Options missing, etc. be prevented in CodeIgniter?

I have used the following code in header.php:

Code:
<?php
header('X-XSS-Protection: 1; mode=block');
header('X-Frame-Options: deny');
header('X-Content-Type-Options: nosniff');
header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline';");
?>
#2

Can someone please give some suggestions? It can be done at the server side, but how to enforce it from the client?
#3

You can't enforce anything that comes from the client. That's why you must never trust data coming from a request, as it can be manipulated.
#4

XSS is an attack on the client ... Browsers have no interest in ignoring these headers.
#5

(07-16-2017, 07:58 PM)june123 Wrote: Can someone please give some suggestion. It can be done at server side but how to enforce it from client?

https://www.codeigniter.com/user_guide/l...utput.html

https://github.com/bcit-ci/codeigniter-w...er.php#L20
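Added example (not written by any poster in this thread and not CodeIgniter's own code): one way to send the headers from post #1 on every controller response through CodeIgniter 3's Output class instead of a view file. Assumptions: CodeIgniter 3 with the default MY_ subclass prefix, PHP 7 or later for random_bytes(), a hypothetical view variable named csp_nonce, and a per-request nonce swapped in for the 'unsafe-inline' value used in post #1.

```php
<?php
// application/core/MY_Controller.php  (added example, CodeIgniter 3 layout assumed)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();

        // Fresh nonce per request. Inline <script> tags carrying this value are
        // allowed by the policy below; injected inline script without it is not.
        $nonce = base64_encode(random_bytes(16));

        // Expose the nonce to every view loaded during this request.
        // 'csp_nonce' is a hypothetical name chosen for this example.
        $this->load->vars(array('csp_nonce' => $nonce));

        $headers = array(
            // Same three headers as post #1.
            'X-XSS-Protection: 1; mode=block',
            'X-Frame-Options: deny',
            'X-Content-Type-Options: nosniff',
            // Post #1 used 'unsafe-inline' here, which permits any inline
            // script, including injected ones. The nonce replaces it.
            "Content-Security-Policy: default-src 'self'; "
                . "script-src 'self' 'nonce-" . $nonce . "'",
        );

        // The Output class queues these and sends them with the final output,
        // so they also cover responses that never load header.php
        // (for example JSON returned by an AJAX endpoint).
        foreach ($headers as $header) {
            $this->output->set_header($header);
        }
    }
}
```

Controllers then extend MY_Controller instead of CI_Controller, and each inline script tag in a view carries nonce="<?php echo html_escape($csp_nonce); ?>". The headers can be checked from the server side with curl -I against any route.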