欢迎您访问 最编程 本站为您分享编程语言代码,编程技术文章!

热门搜索/Hot Search

您现在的位置是: 首页

AppScan 漏洞扫描 - "X-Content-Type-Options" 标头缺失或不安全、"X-XSS-Protection "标头缺失或不安全、跨框架脚本防御缺失或不安全 不安全

最编程 2024-07-08 16:30:53
...

解决方案:

        tomcat的web.xml中增加:

<filter>
             <filter-name>httpHeaderSecurity</filter-name>
             <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
             <init-param>
                     <param-name>antiClickJackingOption</param-name>
                     <param-value>SAMEORIGIN</param-value>
             </init-param>
             <init-param>
                     <param-name>hstsEnabled</param-name>
                     <param-value>true</param-value>
             </init-param>                         
             <init-param>            
                     <param-name>hstsMaxAgeSeconds</param-name>                                    
                     <param-value>31536000</param-value>                                        
             </init-param>                                       
             <init-param>                          
                     <param-name>htstIncludeSubDomains</param-name>                                              
                     <param-value>true</param-value>                                                  
             </init-param>
             <async-supported>true</async-supported>
     </filter>
<filter-mapping>
            <filter-name>httpHeaderSecurity</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
</filter-mapping>

上一篇: xCellx 的详细使用方法和结果分析

下一篇: 前端面试问题 83|内联块和内联元素的区别,watch,computed,a tag,security,xss,csrf网站攻击,webpackvite,...

推荐阅读