Task #9397: Pentest: Avoid Cross Site Scripting - CR#180014 - E-Channel, XL Prepaid, Online Account Opening - Penril Support System

Task #9397

Pentest: Avoid Cross Site Scripting

Added by Rayvandy Gabbytian over 5 years ago.

Status:

New - Begin Life Cycle

Start date:

January 24, 2019

Priority:

Normal

Due date:

January 24, 2019

Assignee:

Tommy Arryandy

% Done:

Category:

Spent time:

Target version:

Description

To avoid cross site scripting:

p_oResponse.setHeader("X-XSS-Protection", "1; mode=block");
p_oResponse.addHeader("X-Content-Type-Options", "nosniff");
p_oResponse.addHeader("X-Frame-Options", "SAMEORIGIN");
p_oResponse.addHeader("Strict-Transport-Security", "max-age=16070400; includeSubDomains");
// p_oResponse.addHeader("Content-Security-Policy", "script-src 'self' screen.css");
p_oResponse.addHeader("X-Permitted-Cross-Domain-Policies", "none");

Also available in: Atom PDF

Maybank Indonesia 2019's Enhancement » CR#180014 - E-Channel, XL Prepaid, Online Account Opening

Issues

Task #9397

Pentest: Avoid Cross Site Scripting