-
Notifications
You must be signed in to change notification settings - Fork 0
X‐XSS‐Protection
Marthijn van den Heuvel edited this page Aug 19, 2024
·
5 revisions
The HTTP X-XSS-Protection response header was a feature of Internet Explorer, Chrome and Safari that stopped pages from loading when they detected reflected cross-site scripting (XSS) attacks.
Default usage (i.e. 1; mode=block):
app.UseXXssProtection();With options:
app.UseXXssProtection(new XXssProtectionHeaderOptions
{
Enabled = true,
Block = true,
});app.UseXXssProtection(new XXssProtectionHeaderOptions
{
Enabled = true,
ReportUri = "/Home/Report",
});Parts of this wiki may come from, or be based on, the MDN Web Doc's. Documentation by Mozilla Contributors is licensed under CC-BY-SA 2.5 or any later version.