Is the X-XSS-Protection header’s syntax valid?

  • Resolved tn2

    (@tn2)


    8 years, 5 months ago

    Hi Simon,
    the “;” right after mode=block at “X-XSS-Protection: 1; mode=block;”? in plugin version 0.8 causes redbot.org to say the systax isn’t valid because of this.
    securityheaders.io gives a green checkmark for X-XSS-Protection.
    https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#X-XSS-Protection says value should be “X-XSS-Protection: 1; mode=block” (without trailing “;”)
    Just to let you know.
    Thanks for writing this plugin.
    Cheers
    Carsten

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is the X-XSS-Protection header’s syntax valid?’ is closed to new replies.