问题描述

我试过这个：

   <meta http-equiv="X-XSS-Protection" content="0">

< head> 标签中的

但是没有运气。我试图摆脱讨厌的IE阻止跨站点scirpting

in the <head> tag but have had no luck. I am trying to get rid of pesky IE preventing cross-site scirpting

推荐答案

我怀疑它只是作为元标记工作。您可能必须告诉您的Web服务器将其作为真实标题发送。

I doubt it'd work as just a meta tag. You may have to tell your web server to send it as a real header.

在PHP中，您可以这样做

In PHP, you'd do it like

header("X-XSS-Protection: 0");

在ASP.net中：

Response.AppendHeader("X-XSS-Protection","0")

在Apache的配置中：

In Apache's config:

Header set  X-XSS-Protection  0

在IIS中，额外标题的属性中有一个部分。它经常在其中设置X-Powered-By：ASP.NET;你只需将X-XSS-Protection：0添加到同一个地方。

In IIS, there's a section in the properties for extra headers. It often has "X-Powered-By: ASP.NET" already set up in it; you'd just add "X-XSS-Protection: 0" to that same place.

这篇关于如何设置Http头X-XSS-Protection的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！