Preventing X-XSS-Protection header missing, X-Content-Type-Options etc

#1
How can issues such as X-XSS-Protection header missing, X-Content-Type-Options missing, etc. be prevented in CodeIgniter?

I have used the following code in header.php:

Code:
<?php
header('X-XSS-Protection: 1; mode=block');
header('X-Frame-Options: deny');
header('X-Content-Type-Options: nosniff');
header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline';");
?>
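A check for the scanner findings named in this thread, added here as an example and not code from any poster or from CodeIgniter: it parses a raw response header block and reports which of the four headers from the first post are missing or weak. The function names and the two sample responses are constructed for illustration.

```python
REQUIRED = ("x-xss-protection", "x-frame-options",
            "x-content-type-options", "content-security-policy")

def parse_headers(raw):
    """Parse a raw HTTP header block into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def csp_directives(policy):
    """Split a CSP value into {directive: [sources]}; the first occurrence wins."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0], tokens[1:])
    return out

def audit(raw):
    """Return a sorted list of findings for one response."""
    h = parse_headers(raw)
    findings = [f"{name}: missing" for name in REQUIRED if name not in h]
    findings += [f"{name}: sent {len(h[name])} times"
                 for name in REQUIRED if len(h.get(name, [])) > 1]
    first = {name: values[0].lower() for name, values in h.items()}
    if first.get("x-content-type-options", "nosniff") != "nosniff":
        findings.append("x-content-type-options: value is not 'nosniff'")
    if first.get("x-frame-options", "deny") not in ("deny", "sameorigin"):
        findings.append("x-frame-options: value is not DENY or SAMEORIGIN")
    if "content-security-policy" in first:
        csp = csp_directives(first["content-security-policy"])
        # script-src falls back to default-src when it is absent
        if "'unsafe-inline'" in csp.get("script-src", csp.get("default-src", [])):
            # inline <script> blocks stay allowed, so injected markup can still run
            findings.append("content-security-policy: script-src allows 'unsafe-inline'")
    return sorted(findings)

# Constructed sample responses (not captured from a real site).
SAMPLE_FROM_POST = ("HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n"
                    "X-Frame-Options: deny\r\nX-Content-Type-Options: nosniff\r\n"
                    "Content-Security-Policy: default-src 'self'; "
                    "script-src 'self' 'unsafe-inline';\r\n\r\n<html>")
SAMPLE_BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: ALLOWALL\r\n\r\n"
```

Run `audit()` against responses from pages that do not include header.php (error pages, redirects, JSON endpoints) to confirm the headers are present there as well.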

#2
Can someone please give some suggestions? It can be done at server side but how to enforce it from client?

#3
You can't enforce anything that comes from the client. That's why you must never trust data coming from a request, as it can be manipulated.

#4
XSS is an attack on the client ... Browsers have no interest in ignoring these headers.

#5
(07-16-2017, 08:58 PM)june123 Wrote: Can someone please give some suggestions? It can be done at server side but how to enforce it from client?

https://www.codeigniter.com/user_guide/l...utput.html

https://github.com/bcit-ci/codeigniter-w...er.php#L20