Pengamanan Situs dengan menggunakan headers pada server Nginx

Secure Nginx from Clickjacking with X-FRAME-OPTIONS


X-Frame Options

Header add_header X-Frame-Options “SAMEORIGIN”;

Reference: here

Header X-XSS-Protection

When this header is being sent along with a response and the website contains an XSS attack, the browser will see this XSS attack and stop it from loading. This protection knows 3 levels:

  • X-XSS-Protection: 0; Disables the filter entirely.
  • X-XSS-Protection: 1; Enables the filter but only sanitizes the malicious script
  • X-XSS-Protection: 1; mode=block Enables the filter and completely blocks the page


add_header X-XSS-Protection "1; mode=block";
add_header X-XSS-Protection "1;";


X-XSS-Protection headers. Protection or vulnerability?

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha Captcha Reload