Insecure HTTP headers
http://121.36.19.153 X-Content-Type-Options (header field) |
{'Content-Encoding': 'gzip', 'Transfer-Encoding': 'chunked', 'Set-Cookie': 'PHPSESSID=vu8lhosvsu9ent45gn7a55j3j5; path=/; HttpOnly', 'Vary': 'Accept-Encoding', 'Server': 'nginx', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Date': 'Fri, 11 Sep 2020 07:12:16 GMT', 'Content-Type': 'text/html; charset=UTF-8'} null |
http://121.36.19.153 X-XSS-Protection (header field) |
{'Content-Encoding': 'gzip', 'Transfer-Encoding': 'chunked', 'Set-Cookie': 'PHPSESSID=vu8lhosvsu9ent45gn7a55j3j5; path=/; HttpOnly', 'Vary': 'Accept-Encoding', 'Server': 'nginx', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Date': 'Fri, 11 Sep 2020 07:12:16 GMT', 'Content-Type': 'text/html; charset=UTF-8'} null |
http://121.36.19.153 X-Frame-Options (header field) |
{'Content-Encoding': 'gzip', 'Transfer-Encoding': 'chunked', 'Set-Cookie': 'PHPSESSID=vu8lhosvsu9ent45gn7a55j3j5; path=/; HttpOnly', 'Vary': 'Accept-Encoding', 'Server': 'nginx', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Date': 'Fri, 11 Sep 2020 07:12:16 GMT', 'Content-Type': 'text/html; charset=UTF-8'} null |
Fix: add the following to the nginx configuration file:
add_header X-Frame-Options SAMEORIGIN; # only allow this site to embed the page in a frame
add_header X-Content-Type-Options nosniff; # disable MIME type sniffing
add_header X-XSS-Protection "1; mode=block"; # XSS protection
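
To confirm the fix after reloading nginx, the response headers can be checked again. The following is an added example, not part of the original page: check_security_headers and the AFTER and WEAK samples are constructed for illustration, and BEFORE is a subset of the headers shown in the scan output above.

```python
# Added example: audit a response-header mapping for the three headers
# named on this page. Function name and sample data are assumptions.

# Accepted values per header, compared lower-cased with whitespace removed.
EXPECTED = {
    "X-Frame-Options": {"sameorigin", "deny"},
    "X-Content-Type-Options": {"nosniff"},
    "X-XSS-Protection": {"1;mode=block"},
}


def check_security_headers(headers):
    """Return {header: problem} for every missing or unexpectedly set header."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    seen = {name.lower(): str(value) for name, value in headers.items()}
    findings = {}
    for name, allowed in EXPECTED.items():
        value = seen.get(name.lower())
        if value is None:
            findings[name] = "missing"
            continue
        normalised = "".join(value.lower().split())
        if normalised not in allowed:
            findings[name] = "unexpected value: " + value
    return findings


# Subset of the response headers captured in the scan output (before the fix).
BEFORE = {
    "Server": "nginx",
    "Cache-Control": "no-cache",
    "Content-Type": "text/html; charset=UTF-8",
}

# Constructed sample: the same response once the three add_header lines apply.
# Lower-case names show that the lookup does not depend on case.
AFTER = dict(BEFORE, **{
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
})

# Constructed sample: header present but set to a value the check rejects.
WEAK = dict(AFTER, **{"x-content-type-options": "sniff"})

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER), ("weak", WEAK)):
        print(label, check_security_headers(sample))
```

nginx attaches add_header headers only to responses with certain status codes unless the always parameter is given, and a location block that declares its own add_header does not inherit those set at the server level. Check an error page and each such location as well as the home page.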