Jump to content

Editor and secure headers

Thomas P

Recommended Posts

Hi IPS admin users and fellows,

I read in several topics that secure headers can affect the editor's behavior. So we have the following to meet "security standards":



1; mode=block



Which ones do I need to change in order for IPB to function as designed?

Thank you for clarification,


Link to comment
Share on other sites

Invision Community already sets X-Frame-Options to "sameorigin" if your AdminCP setting to prevent click jacking isn't disabled.

You should disable the X-XSS-Protection header. We explicitly disable this, because when you are posting HTML content to a forum it is entirely expected that the submitted content is going to be immediately "reflected" or displayed back to the end user upon submit. With certain things, such as certain embeds that may use javascript, the X-XSS-Protection may result in the post/viewing of the post not working correctly.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...