MY0071 IIS X-XSS protection setting with MyID

    MyID Support
    Keymaster

    Question:

    Can we set the X-XSS-Protection response header on MyID web pages?

    Answer: 

    Yes, the X-XSS-Protection HTTP header is supported by most recent browsers and forces any built-in cross-site scripting filter to be enabled. While the built-in filters cannot be relied on solely to defend the application against input validation issues, they are a valuable addition to the defense profile of the application. Note that if this header is enabled without “mode=block”, there is an increased risk that otherwise non-exploitable cross-site scripting vulnerabilities may become exploitable.
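
The setting described in the answer, as an added example that is not MyID's own configuration: a generic IIS `web.config` fragment that sends the header with `mode=block` through the standard `customHeaders` collection. It assumes the elements are merged into the existing `web.config` of the site or application that serves the pages; the page does not say where that file is for MyID.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: generic IIS fragment, not a file shipped with MyID. -->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- Remove any copy inherited from server or parent-site level,
             so the header is sent once rather than duplicated. -->
        <remove name="X-XSS-Protection" />
        <!-- Weak form the answer warns about: value="1"
             (filter enabled, but without mode=block). -->
        <add name="X-XSS-Protection" value="1; mode=block" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
```

After the change, confirm in the browser's developer tools that the response carries a single `X-XSS-Protection: 1; mode=block` header.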
