X-XSS- Protection

Adlago · April 15, 2019

2 minutes ago, Nathan Explosion said:

Just to put it on the record....I am not currently wearing any pants. I am also hoping that this bus gets me home before the police car behind us catches up.

Ask the driver to include the XSS and the police will not see anything.

Still, look around who's sitting in the back seat ...

Nathan Explosion · April 15, 2019

I'm in the back seat.

Colonel_mortis · April 16, 2019

I've not read through the whole topic in detail. However, for what it's worth, enabling X-XSS-Protection (XXP) breaks embeds in Safari under certain circumstances.

Also, XXP has absolutely nothing to do with ddos attacks, it is just a rudimentary safeguard against reflected XSS attacks.

Of the handful of XSS attacks that I can recall finding in IPS, only one could be blocked by XXP (and as it happens, it was on a page where XXP was enabled and the attack was blocked in the browser which support it).

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

X-XSS- Protection

Recommended Posts

Adlago

Nathan Explosion

Colonel_mortis

Archived

Recently Browsing 0 members

More