| || |
HTTP security headers - X-Xss-Protection
i am working on project (testing side) trying to test (HTTP security headers - X-Xss-Protection ) the site used "X-XSS-Protection: 1; mode=block,X-Content-Type-Options: nosniff" filters how i can check if thy are working fine or not as iam unable to to fine page with not allowed content type on my testing site ,is there away to change page content typ to be not allowed or something like this .
You'll see these headers in the browser's debugging tools, look under the "Network" tab, and you can get some information of the headers.
Originally Posted by MahmoudQA
As for testing the technicalities, I would say don't bother. At that point you'll be testing the browser itself and will be a unproductive use of time.