I don't know how to add this part of code into my code. should it be in the header part?
<head>
<meta content="text/html; charset=UTF-8; X-Content-Type-Options=nosniff" http-equiv="Content-Type" />
<title>TestWebsite</title>
</head>
The problem is I have to add it into my code, because I did a security scan and I got that the X-XSS Protection is missing.
I don't know how to add this part of code into my code. should it be in the header part?
<head>
<meta content="text/html; charset=UTF-8; X-Content-Type-Options=nosniff" http-equiv="Content-Type" />
<title>TestWebsite</title>
</head>
The problem is I have to add it into my code, because I did a security scan and I got that the X-XSS Protection is missing.
Share Improve this question asked Dec 8, 2016 at 11:38 Shalomi90Shalomi90 7444 gold badges10 silver badges37 bronze badges 1- 2 How you add HTTP response headers will depend on your HTTP server. You can't do it from the HTML document that is used for the HTTP response body. – Quentin Commented Dec 8, 2016 at 11:49
1 Answer
Reset to default 3- This cannot be added on a HTML page.
- It has to be added to your server page as a response.
E.g. You can add any of the following options, according to your needs.
PHP
header("X-XSS-Protection: 0");
.htaccess
Header set x-xss-protection "1; mode=block"
Apache configuration files:
<IfModule mod_headers.c>
Header set X-XSS-Protection: "1; mode=block"
</IfModule>