Interface XssProtectionConfig

X-XSS-Protection header configuration (deprecated header, use CSP instead).

interface XssProtectionConfig {
    enabled?: boolean;
    mode?: "block";
    report_uri?: string;
}

Properties

enabled?: boolean

Whether X-XSS-Protection header is enabled.

mode?: "block"

report_uri?: string

HTTPS endpoint for X-XSS-Protection violation reports.