XSS protection is still missing in scan

  • Resolved abijita

    (@abijita)


    5 years, 3 months ago

    Hello
    Thank you for the wonderful plugins. I have did everything as shown in the picture. However, i have scanned my website in sucuri scanner and it shows that xss protection is missing. Also i score be on security headers scanner.

    is there is anything else i need to configure?
    what should i set to referrer policy?

    Should i also configure csp and feature policy?

    i am using free version of cloudflare and using Jetpack CDN as well for images

    Please help

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Carl

    (@carlconrad)

    Hello,

    Could you confirm have selected the “Force XSS protection” option?

    Regards,
    Carl

    Thread Starter abijita

    (@abijita)

    Yes i do’

    Thread Starter abijita

    (@abijita)

    What should i do now? i am using hostgator hosting

    Thread Starter abijita

    (@abijita)

    i have added this code and everything works fine

    <IfModule mod_headers.c>
    Header set X-XSS-Protection “1; mode=block”
    </IfModule>

    Plugin Author Carl

    (@carlconrad)

    In fact, it seems CloudFlare does some rewriting of the headers. Did you try copying all the instructions into the .htaccess file?

    Regards,
    Carl

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘XSS protection is still missing in scan’ is closed to new replies.

Tags