Channel: BulletProof Security Forum » All Posts

Reply To: Sucuri recommended headers


For this code: Header set X-XSS-Protection "1; mode=block" see below.  “…The filter is already built into most recent browsers…”, but it probably is a good thing to add anyway.

OWASP List of useful HTTP headers

This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It’s usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. It’s unknown if that version honored this header.

For the other sections of code you can combine them into 1 block of code.  See either one of these Bonus Custom Code forum topic links below for the combined Bonus Custom Code and how to add the Bonus Custom Code to BPS Custom Code:

External iFrame and Clickjacking Protection
Mime Sniffing and Drive-by Download Attack Protection

  • This reply was modified 13 hours, 33 minutes ago by  AITpro Admin.
