Can we set the X-XSS-protection for web page response header on MyID web pages?
Yes, the X-XSS-Protection HTTP header is supported by most recent browsers and will force the enabling of any built-in cross-site scripting filters. While the built-in filters cannot be relied on solely to defend the application against input validation issues, they are a valuable addition to the defense profile of the application. It should be noted that if this header is enabled without “mode=block” then there is an increased risk that otherwise non-exploitable cross-site scripting vulnerabilities may become exploitable.
Viewing 1 post (of 1 total)
The forum ‘MyID knowledge base’ is closed to new topics and replies.