Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1779

Add HTTP X-XSS-Protection response header support for WebAppSec Provider

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • None
    • 1.1.0
    • Server
    • Important
    • Hide
      The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

      Syntax
      X-XSS-Protection: 0
      X-XSS-Protection: 1
      X-XSS-Protection: 1; mode=block
      X-XSS-Protection: 1; report=<reporting-uri>

      Read more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
      Show
      The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Syntax X-XSS-Protection: 0 X-XSS-Protection: 1 X-XSS-Protection: 1; mode=block X-XSS-Protection: 1; report=<reporting-uri> Read more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

    Description

      Support to add X-XSS-Protection HTTP response header in Knox's WebAppSec Provider enabling modern web browsers to detect and thwart Cross-site Scripting (XSS) attacks.

      Attachments

        Issue Links

          Activity

            People

              kpandey Krishna Pandey
              kpandey Krishna Pandey
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 168h
                  168h
                  Remaining:
                  Remaining Estimate - 168h
                  168h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified