X-XSS-Protection vs CSP

Question

X-XSS-Protection vs CSP

As far as I understand, CSP can be used for all the same things as X-XSS-Protectionmore. If you use CSP, is there a good reason to use X-XSS-Protection?

+4

http-headers content-security-policy

twiz Jul 14 '15 at 17:05

source share

1 answer

oreoshake · Accepted Answer · 2015-07-15T07:02:13+0000

Is there any good reason to use X-XSS-Protection?

With some doubts (see Kevin's comment below), the answer is probably yes.

X-Xss-Protectionactivates heuristic, reflected xss detection function. Reflected xss is supplied in the form of parameters, which makes it easy to determine the area of potential attack.

HTML. HTML-. javascript... CSP. CSP , javascript .

CSP, javascript, eval , , X-Xss-Protection .

CSP.

X-Xss-Protection IE . , , - IE < 12, CSP , X-Xss-Protection .

, . . . , - .

, , CSP, X-Xss-Protection

for i in twitter.com vine.co github.com
do
   echo "$i"
   curl -Is "https://$i" | grep -iE "(x-xss-protection|content-security-policy)"
done

X-XSS-Protection vs CSP

More articles: