Error parsing header X-XSS-Protection

  • Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Confirmed. Getting the same here. Please fix this.

    Plugin Author SimonRWaters

    (@simonrwaters)

    Can you explain where you see the error, what page, what browser etc.

    Looks like the header is being sent already, and it has added “1” twice.

    Do you have another plugin adding this header?

    It’s in the console. It’s possible it’s already set in the nginx config, but the website owner may not know this for certain. Suggest plugin checks before trying to apply?

    Plugin Author SimonRWaters

    (@simonrwaters)

    Looks like it is nginx appending its value to the header set by the plugin.

    I think the best option is to disable (untick) the header in the plugin settings, since it is being processed by nginx after the PHP is done.

    If you can get me the nginx config it would be handy to check.

    It is going to be hard to reliably test for this in the plugin, since if there is a proxy in front mangling the headers it may not be visible from PHP. The best I could do is send JavaScript to the client browser to make additional requests (probably not a bad idea for testing if the plugin is working as expected).

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Error parsing header X-XSS-Protection’ is closed to new replies.