在线文档教程
首页 技术教程 开发文档 觅分类 ICON图标
技术教程 开发文档 觅分类 ICON图标
Bootstrap 4
Bootstrap 3
C
C++
Clojure 1.8
Codeigniter 3
CSS
Docker 17
Electron
Elixir 1.5
Erlang 20
Eslint
Express
Git
Go
HTML
HTTP
指南 | Guides
指南:基础 | Guides: Basics
CSP
标题 | Headers
Accept
Accept-Charset
Accept-Encoding
Accept-Language
Accept-Ranges
Access-Control-Allow-Credentials
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Access-Control-Allow-Origin
Access-Control-Expose-Headers
Access-Control-Max-Age
Access-Control-Request-Headers
Access-Control-Request-Method
Age
Allow
Authorization
Cache-Control
Connection
Content-Disposition
Content-Encoding
Content-Language
Content-Length
Content-Location
Content-Range
Content-Type
Cookie
Cookie2
Date
DNT
ETag
Expect
Expires
Forwarded
From
Headers
Host
If-Match
If-Modified-Since
If-None-Match
If-Range
If-Unmodified-Since
Keep-Alive
Large-Allocation
Last-Modified
Location
Origin
Pragma
Proxy-Authenticate
Proxy-Authorization
Public-Key-Pins
Public-Key-Pins-Report-Only
Range
Referer
Referrer-Policy
Retry-After
Server
Set-Cookie
Set-Cookie2
SourceMap
Strict-Transport-Security
TE
Tk
Trailer
Transfer-Encoding
Upgrade-Insecure-Requests
User-Agent
User-Agent: Firefox
Vary
Via
Warning
WWW-Authenticate
X-Content-Type-Options
X-DNS-Prefetch-Control
X-Forwarded-For
X-Forwarded-Host
X-Forwarded-Proto
X-Frame-Options
方法 | Methods
RFC 2616: HTTP/1.1
RFC 4918: WebDAV
RFC 5023: The Atom Publishing Protocol
RFC 7230: Message Syntax and Routing
RFC 7231: Semantics and Content
RFC 7232: Conditional Requests
RFC 7233: Range Requests
RFC 7234: Caching
RFC 7235: Authentication
状态 | Status
Immutable 3.8.1
JavaScript
Lodash 4
Lua 5.3
Nginx
PHP
Phpunit 6
Python
React
React native
Redis
Redux
Ruby 2.4
Sass
Scikit image
Socket.IO
Sqlite
SVG
TensorFlow Guide
Typescript
Underscore
Vue 2
Webpack
Xslt & Xpath
Yarn
RxJS 5
Rollup.js
Babel
Parcel
MobX
Koa
Angular
Gulp
Grunt
Stylelint
Standard JS
Element UI
iView UI
Lavas
Mint UI
PostCSS
ThinkJS
Nest
npm
Node.js教程
JSON教程
Groovy教程
vb.net教程
Storm入门教程
Hibernate 教程
Slick教程
MongoDB教程
Yii 2.0

X-XSS-Protection

X-XSS-Protection

HTTP X-XSS-Protection响应标头是 Internet Explorer, Chrome 和 Safari 的一项功能,可在检测到反射的跨站点脚本(XSS)攻击时阻止页面加载。尽管当现代浏览器实施强大的Content-Security-Policy禁用内联 JavaScript('unsafe-inline')的强大功能时,这些保护在很大程度上是不必要的,但它们仍然可以为尚未支持 CSP 的旧版 Web 浏览器的用户提供保护。

Header typeResponse header
Forbidden header nameno

句法

X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=<reporting-uri>

0: 禁止XSS过滤.

当检测到反射的XSS攻击时阻止加载页面:

X-XSS-Protection: 1; mode=block

PHP

header("X-XSS-Protection: 1; mode=block"

Apache (.htaccess)

<IfModule mod_headers.c> 
  Header set X-XSS-Protection "1; mode=block" 
</IfModule>

产品规格

不属于任何规格或草案。

浏览器兼容性

FeatureChromeFirefoxEdgeInternet ExplorerOperaSafari
Basic Support(Yes)(No)(Yes)8.0(Yes)(Yes)

FeatureAndroidChrome for AndroidEdge mobileFirefox for AndroidIE mobileOpera AndroidiOS Safari
Basic Support(Yes)(Yes)(Yes)(No)?(Yes)(Yes)

  • 黔ICP备2021005045号