The IIS web.config snippets below add security response headers. Only the first three (Content-Security-Policy, X-Content-Type-Options, X-XSS-Protection) are related to mitigating cross-site scripting; X-Frame-Options mitigates clickjacking and Strict-Transport-Security enforces HTTPS. Note that each snippet is a fragment that belongs inside the `<configuration>` root of web.config.
Content Security Policy Header:-
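<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Remove any inherited value first: a second <add> with the same name
           is a duplicate collection entry and IIS fails the request with a
           configuration error. -->
      <remove name="Content-Security-Policy" />
      <!-- The original value "default-src 'self';'unsafe-inline' 'unsafe-eval';"
           is malformed: the tokens after the first ';' have no directive name,
           so browsers discard them and the effective policy was just
           default-src 'self'. Do NOT "fix" it by moving 'unsafe-inline' /
           'unsafe-eval' into default-src or script-src: that re-enables inline
           and eval'd script and removes the XSS protection CSP is meant to give.
           Inline scripts/styles that the application needs should be allowed
           with per-response nonces ('nonce-...') or hashes ('sha256-...').
           object-src 'none' blocks plugin-based injection; base-uri 'self'
           stops <base> tag hijacking of relative script URLs; frame-ancestors
           'self' is the CSP equivalent of X-Frame-Options: SAMEORIGIN. -->
      <add name="Content-Security-Policy" value="default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'" />
    </customHeaders>
  </httpProtocol>
</system.webServer>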
X-Content-Type-Options header:-
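<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Avoid a duplicate-entry configuration error if a parent web.config
           already sets this header. -->
      <remove name="X-Content-Type-Options" />
      <!-- nosniff is the only defined value. It stops browsers from
           MIME-sniffing a response away from its declared Content-Type, so an
           uploaded file served as text/plain or image/* cannot be executed as
           script or rendered as HTML. It only helps if the server sends an
           accurate Content-Type on every response. -->
      <add name="X-Content-Type-Options" value="nosniff" />
    </customHeaders>
  </httpProtocol>
</system.webServer>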
X-XSS-Protection header:-
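<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Avoid a duplicate-entry configuration error if a parent web.config
           already sets this header. -->
      <remove name="X-XSS-Protection" />
      <!-- X-XSS-Protection is a legacy header: current Chromium-based browsers
           have removed the XSS Auditor, Firefox never implemented it, and the
           filter in older browsers could be abused as an information-leak /
           selective-blocking side channel. The current recommendation (e.g.
           OWASP Secure Headers Project) is to send "0" to disable the legacy
           filter explicitly, and to rely on a Content-Security-Policy for XSS
           mitigation. If you still need "1; mode=block" for a legacy browser
           population, keep it deliberately and document why. -->
      <add name="X-XSS-Protection" value="0" />
    </customHeaders>
  </httpProtocol>
</system.webServer>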
Missing X-Frame-Options header (clickjacking protection):-
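<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Avoid a duplicate-entry configuration error if a parent web.config
           already sets this header. -->
      <remove name="X-Frame-Options" />
      <!-- Clickjacking protection: SAMEORIGIN allows the site to frame its own
           pages but blocks framing from other origins. Use DENY if nothing in
           the application legitimately frames its own pages. ALLOW-FROM is not
           supported by modern browsers; use the CSP frame-ancestors directive
           when specific third-party origins must be allowed. -->
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
</system.webServer>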
Missing strict-transport-security header:-
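<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Avoid a duplicate-entry configuration error if a parent web.config
           already sets this header. -->
      <remove name="Strict-Transport-Security" />
      <!-- HSTS: tells the browser to use HTTPS only for this host for
           max-age seconds (31536000 = one year). Browsers ignore the header on
           plain-HTTP responses, so the site must also redirect HTTP to HTTPS
           for the header to ever be cached. includeSubDomains applies the
           policy to every subdomain, so verify all subdomains serve valid TLS
           before enabling it. Adding "; preload" and submitting the domain to
           the browser preload list is optional and hard to revert; only do it
           once the policy has been stable in production. -->
      <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
    </customHeaders>
  </httpProtocol>
</system.webServer>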