Preventing X-XSS-Protection header missing, X-Content-Type-Options etc |
How can issues such as X-XSS-Protection header missing, X-Content-Type-Options missing etc be prevented in Codeigniter ?
I have used the following code in header.php : Code: <?php
Can someone please give some suggestion. It can be done at server side but how to enforce it from client?
You can't enforce anything that comes from the client. Thats why you must never trust data coming from a request as it can be manipulated
XSS is an attack on the client ... Browsers have no interest in ignoring these headers.
(07-16-2017, 07:58 PM)june123 Wrote: Can someone please give some suggestion. It can be done at server side but how to enforce it from client? https://www.codeigniter.com/user_guide/l...utput.html https://github.com/bcit-ci/codeigniter-w...er.php#L20 |
Welcome Guest, Not a member yet? Register Sign In |