Hello guys, Im new on this Forum I hope you can help me. I want to test a easy <script> alert("XSS"); </script> XSS attack on my Webseite. I have a nginx/1.13.12 Webserver and I think in the default settings is the X-XSS Protection on. So how can I enable X-XSS attacks in the webconfiguration? I try this on the screenshot but dont work.
A 0 value disables the XSS Filter, as seen below. x-xss-protection:0; A 1 value allows the XSS Filter. If a cross-site scripting attack is recognized, to stop the attack, the browser will clean the page. x-xss-protection:1; A 1; mode=block value enables the XSS Filter. Instead of sanitizing the page, when an XSS attack is detected, the browser will prevent delivering of the page. x-xss-protection:1; mode=block
Thank you for your answer, I try "x-xss-protection:0;" but get a error message from my browser "ERR_CONNECTION_REFUSED" I dont know why it dosent work....