How do I enable the CSP and X-XSS-Protection headers?

Can anyone explain to me how to add the Content Security Policy and X-XSS-Protection headers to my website?

You must configure the server, which you can’t. But you can add a meta tag as mentioned in Mozilla’s Documentation.

X-XSS-Protection is meant for legacy browsers. It must be configured via an .htaccess file. Or by PHP. Very few browsers support it.

IE8, Chrome 1 - 3, Safari, Safari Mobile, Opera Mobile, and Samsung Internet are the few browsers that support this.

1 Like

No, you don’t need to change the server configuration to set these headers. Sure, adding the headers to the main server config is a way to enable them, but far from the only one.

You can set most HTTP headers in both .htaccess rules and PHP code.

4 Likes
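Setting both headers from PHP, as the reply above describes, shown as an added example that is not code from any poster in this thread. The policy directives, the nonce handling and the function names `build_csp` and `send_security_headers` are assumptions chosen for illustration; adjust the sources to what the site actually loads.

```php
<?php
// Added example, not code from the thread. The directive values below are a
// constructed sample policy, and both function names are hypothetical.
declare(strict_types=1);

/** Build a CSP header value from a directive => sources map. */
function build_csp(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $sources === [] ? $name : $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

/** Send the security headers; must run before any output is written. */
function send_security_headers(string $nonce): void
{
    if (headers_sent($file, $line)) {
        // header() cannot take effect once the response body has started.
        throw new RuntimeException("Headers already sent at $file:$line");
    }
    $csp = build_csp([
        'default-src'     => ["'self'"],
        'script-src'      => ["'self'", "'nonce-$nonce'"],
        'object-src'      => ["'none'"],
        'base-uri'        => ["'self'"],
        // frame-ancestors is ignored in a <meta> CSP; it needs a real header.
        'frame-ancestors' => ["'none'"],
    ]);
    header('Content-Security-Policy: ' . $csp);
    // Only honored by legacy browsers; CSP is what current browsers enforce.
    header('X-XSS-Protection: 1; mode=block');
}

// Fresh, unpredictable nonce for every response.
$nonce = base64_encode(random_bytes(16));
send_security_headers($nonce);
?>
<!doctype html>
<html>
<head><title>CSP demo</title></head>
<body>
<script nonce="<?= htmlspecialchars($nonce, ENT_QUOTES) ?>">
  console.log('allowed: nonce matches the header');
</script>
</body>
</html>
```

Inline scripts without the matching nonce are blocked by this policy, so check the browser console for CSP violation messages after deploying it.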
