I'm planning on adding the X-XSS-Protection: 0 header in order to allow requests between mydomain.com and mystaticdomain.com. Can this header be used with a specific domain, as in X-Frame-Options/Allow-From?

https://www.keycdn.com/blog/x-xss-protection


Solution

No, this header does not allow this.

If you want a secure solution, you should implement CORS, which will allow you to specify which domains can access content normally protected by the Same Origin Policy by use of a header:

Access-Control-Allow-Origin: https://mystaticdomain.com
Licensed under: CC-BY-SA with attribution
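The CORS header from the answer is usually computed per request from an allow-list rather than hard-coded; the following is an added example, not part of the original answer, showing that decision as a pure function. The `https` scheme, the function names, and the rejected sample origins are assumptions made for illustration.

```javascript
// Added example: per-request CORS decision for the server that sends the header.
// The allowed domain follows the answer; the https scheme is an assumption.

// Build the allow-list once. new URL() throws on a bare host such as
// "mystaticdomain.com", because an origin is scheme + host (+ port).
function buildAllowList(entries) {
  return new Set(entries.map((entry) => {
    const u = new URL(entry);
    if (u.origin === 'null' || u.pathname !== '/' || u.search || u.hash) {
      throw new Error(`not a bare origin: ${entry}`);
    }
    return u.origin; // normalized: lower-case host, default port dropped
  }));
}

// Returns the CORS response headers for one request.
// requestOrigin is the value of the request's Origin header, or undefined.
function corsHeaders(requestOrigin, allowList) {
  // Shared caches must key on Origin, since the response differs per origin.
  const headers = { Vary: 'Origin' };
  // Exact match only: no suffix or substring tests, no reflecting arbitrary
  // origins, and the literal "null" origin is never allowed.
  if (requestOrigin && requestOrigin !== 'null' && allowList.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
  }
  return headers;
}

const ALLOWED = buildAllowList(['https://mystaticdomain.com']);

// Constructed sample Origin header values.
const samples = [
  'https://mystaticdomain.com',              // allowed
  'http://mystaticdomain.com',               // wrong scheme: rejected
  'https://mystaticdomain.com.evil.example', // look-alike suffix: rejected
  'null',                                    // sandboxed/opaque origin: rejected
];
for (const origin of samples) {
  console.log(origin, '->', JSON.stringify(corsHeaders(origin, ALLOWED)));
}
```

When no `Access-Control-Allow-Origin` header is returned, the browser keeps the Same Origin Policy restriction in place for that caller.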