Web browser XSS protection missing

safe

Web browser XSS protection missing

We have to set on Web browser XSS protection to XSS attack.

First check how it looks. Open any page of your website. I am using Firefox with firebug addon. You can use Google chrome as well. In firebug console you will get the URL (Or you can check it in “Net” tab). Expand it and goto Header section. By Default Response Header will open. Now check it out.

vul3_image1

We can see the response header doesn’t have any Web browser XSS protection option on it. So we have to add it by our own.

Navigate to your root directory or public html folder. IF you don’t have any “.htaccess” file then create it or if it already exists then add the following line

Header set X-XSS-Protection 1

Now check it again –

vul3_image2

Now the parameter has set in our Response header.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *