plume/xss_protection

X-XSS-Protection

This response header was a feature of Internet Explorer, Chrome and Safari that stopped pages from loading when they detected reflected cross-site scripting (XSS) attacks. These protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript. Setting the header to 0 is recommended to disable the buggy XSS auditor that older browsers may still ship with.

See the MDN docs.

Types

An X-XSS-Protection header value.

pub type XssProtection {
  Disabled
  Enabled
  Block
}

Constructors

  • Disabled

    Disables XSS filtering. Plume default.

  • Enabled

    Enables XSS filtering. If an attack is detected, the browser will sanitize the page.

  • Block

    Enables XSS filtering. If an attack is detected, the browser will prevent rendering of the page rather than sanitizing it.

Values

pub fn to_string(value: XssProtection) -> String

Encode as the X-XSS-Protection header value.
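
An added usage example, not part of the Plume documentation: it applies the recommendation above (auditor off, plus a CSP without inline script) and parses the header back so that a test or response audit can confirm it. It assumes the gleam_http package's response module; the helper names harden, parse and follows_recommendation and the sample policy string are hypothetical.

```gleam
import gleam/http/response.{type Response}
import gleam/list
import gleam/result
import gleam/string
import plume/xss_protection.{type XssProtection, Block, Disabled, Enabled}

/// Hypothetical helper: turn the legacy auditor off and send a CSP that
/// allows no inline script. The policy string is a constructed sample.
pub fn harden(resp: Response(body)) -> Response(body) {
  resp
  |> response.set_header(
    "x-xss-protection",
    xss_protection.to_string(Disabled),
  )
  |> response.set_header(
    "content-security-policy",
    "default-src 'self'; script-src 'self'; object-src 'none'",
  )
}

/// Hypothetical helper: read a raw header value ("0", "1", "1; mode=block",
/// optionally with other directives) back into the typed form.
pub fn parse(raw: String) -> Result(XssProtection, Nil) {
  let parts =
    raw
    |> string.lowercase
    |> string.split(";")
    |> list.map(string.trim)
  case parts {
    ["0", ..] -> Ok(Disabled)
    ["1", ..directives] ->
      case list.contains(directives, "mode=block") {
        True -> Ok(Block)
        False -> Ok(Enabled)
      }
    _ -> Error(Nil)
  }
}

/// Hypothetical check for tests or a response audit: the auditor is
/// explicitly disabled and a CSP header is present. It does not judge
/// how strict that CSP is.
pub fn follows_recommendation(resp: Response(body)) -> Bool {
  let auditor =
    response.get_header(resp, "x-xss-protection") |> result.try(parse)
  let has_csp =
    response.get_header(resp, "content-security-policy") |> result.is_ok
  auditor == Ok(Disabled) && has_csp
}
```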
