Task #9397
Pentest: Avoid Cross Site Scripting
| Status: | New - Begin Life Cycle | Start date: | January 24, 2019 |
|---|---|---|---|
| Priority: | Normal | Due date: | January 24, 2019 |
| Assignee: | Tommy Arryandy | % Done: | 0% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
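To avoid cross-site scripting:

```java
// p_oResponse is the HttpServletResponse for the current request.
// Legacy XSS-auditor switch; browsers that removed their auditor ignore it.
p_oResponse.setHeader("X-XSS-Protection", "1; mode=block");
// Stop browsers from MIME-sniffing a response into a script or HTML type.
p_oResponse.addHeader("X-Content-Type-Options", "nosniff");
// Allow framing by same-origin pages only (clickjacking defence).
p_oResponse.addHeader("X-Frame-Options", "SAMEORIGIN");
p_oResponse.addHeader("Strict-Transport-Security", "max-age=16070400; includeSubDomains");
// CSP is left disabled, as in the task description.
// p_oResponse.addHeader("Content-Security-Policy", "script-src 'self' screen.css");
p_oResponse.addHeader("X-Permitted-Cross-Domain-Policies", "none");
```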
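
A servlet filter that applies the description's headers to every response and replaces the commented-out CSP line with a per-response nonce policy. This is an added example, not code from the task: the class name `SecurityHeadersFilter`, the `cspNonce` request attribute, the policy string and the `javax.servlet` namespace (`jakarta.servlet` on newer containers) are assumptions.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter; map it to /* in web.xml so no page is served without the headers.
public class SecurityHeadersFilter implements Filter {
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    public void init(FilterConfig p_oConfig) { }

    @Override
    public void doFilter(ServletRequest p_oRequest, ServletResponse p_oRes, FilterChain p_oChain)
            throws IOException, ServletException {
        if (p_oRes instanceof HttpServletResponse) {
            HttpServletResponse p_oResponse = (HttpServletResponse) p_oRes;

            // Fresh 128-bit nonce per response; views render <script nonce="..."> with it.
            byte[] nonceBytes = new byte[16];
            RNG.nextBytes(nonceBytes);
            String nonce = Base64.getEncoder().encodeToString(nonceBytes);
            p_oRequest.setAttribute("cspNonce", nonce); // attribute name is an assumption

            // Assumed policy: injected inline script has no valid nonce, so it is not executed.
            p_oResponse.setHeader("Content-Security-Policy",
                    "default-src 'self'; script-src 'self' 'nonce-" + nonce + "'; "
                    + "object-src 'none'; base-uri 'self'; frame-ancestors 'self'");

            // setHeader replaces an earlier value, so no header is emitted twice.
            p_oResponse.setHeader("X-XSS-Protection", "1; mode=block"); // value from the task
            p_oResponse.setHeader("X-Content-Type-Options", "nosniff");
            p_oResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
            p_oResponse.setHeader("X-Permitted-Cross-Domain-Policies", "none");
            // Browsers ignore HSTS received over plain HTTP; send it on secure requests only.
            if (p_oRequest.isSecure()) {
                p_oResponse.setHeader("Strict-Transport-Security",
                        "max-age=16070400; includeSubDomains");
            }
        }
        // Headers are set before the chain runs, i.e. before the response is committed.
        p_oChain.doFilter(p_oRequest, p_oRes);
    }

    @Override
    public void destroy() { }
}
```

Behind a TLS-terminating proxy, `isSecure()` is true only if the container is configured to trust the proxy's forwarded-protocol header.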