hi ,
thanks for your email,
Is it possible the server is filtering xss attacks from browser to
server request(with header= X-XSS-Protection: "1; mode=block" ), if that
then kindly provide the steps for the same.
regards
Thejas
On Fri, 16 Jul 2021 at 12:50, James Smith <j...@sanger.ac.uk> wrote:
> You can add:
>
> Header always set X-XSS-Protection "1; mode=block"
>
> which will help – but the rest you need to look at the way you code your
> pages.
>
> Then you can look at
> (1) defensive code
> (2) Content-Security-Policy header
> (3) Specific rules in Apache to mitigate attacks
>
> Remembering that XSS is often a vector for other attacks.
>
>
>
> *From:* Thejas Hl <thejashl...@gmail.com>
> *Sent:* 16 July 2021 06:31
> *To:* users@httpd.apache.org
> *Subject:* [users@httpd] query regarding httpd server [EXT]
>
>
>
> Hello team,
>
> Is xss attack internally taken care by httpd apache server if
> yes kindly share the steps to activate for protection against such attack.
>
>
>
> Thanks and regards
>
> tej
>
>
> -- The Wellcome Sanger Institute is operated by Genome Research Limited, a
> charity registered in England with number 1021457 and a company registered
> in England with number 2742969, whose registered office is 215 Euston Road,
> London, NW1 2BE.
>
