Console showing Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block:
2
I don't know what it's means and how to remove this error.
- it's showing in my chrome console . but not in firefox console..
(index):1 Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.
Here's Response header
Cache-Control: max-age=0, must-revalidate, no-cache, no-store
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jun 2018 07:27:16 GMT
Expires: Mon, 19 Jun 2017 07:27:19 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Set-Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/ritz; domain=mydomain.com; HttpOnly
Set-Cookie: form_key=BiFqDSvrvVRBd7jn; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/mydirectory; domain=mydomain.com
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
Request header
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Authorization: Basic dGVzdDptaWRhc0AxMjM=
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; mage-translation-storage=%7B%7D; mage-translation-file-version=%7B%7D; form_key=BiFqDSvrvVRBd7jn; store=default; mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7D; mage-cache-sessid=true; mage-messages=; recently_viewed_product=%7B%7D; recently_viewed_product_previous=%7B%7D; recently_compared_product=%7B%7D; recently_compared_product_previous=%7B%7D; product_data_storage=%7B%7D; private_content_version=fcad1216f3986344d5a56dd2b60c1c29; section_data_ids=%7B%22directory-data%22%3A1529391306%2C%22cart%22%3A1529392350%7D
DNT: 1
Host: mydomain.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
security magento2.2.3 http-header
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
bumped to the homepage by Community♦ yesterday
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
2
I don't know what it's means and how to remove this error.
- it's showing in my chrome console . but not in firefox console..
(index):1 Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.
Here's Response header
Cache-Control: max-age=0, must-revalidate, no-cache, no-store
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jun 2018 07:27:16 GMT
Expires: Mon, 19 Jun 2017 07:27:19 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Set-Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/ritz; domain=mydomain.com; HttpOnly
Set-Cookie: form_key=BiFqDSvrvVRBd7jn; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/mydirectory; domain=mydomain.com
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
Request header
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Authorization: Basic dGVzdDptaWRhc0AxMjM=
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; mage-translation-storage=%7B%7D; mage-translation-file-version=%7B%7D; form_key=BiFqDSvrvVRBd7jn; store=default; mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7D; mage-cache-sessid=true; mage-messages=; recently_viewed_product=%7B%7D; recently_viewed_product_previous=%7B%7D; recently_compared_product=%7B%7D; recently_compared_product_previous=%7B%7D; product_data_storage=%7B%7D; private_content_version=fcad1216f3986344d5a56dd2b60c1c29; section_data_ids=%7B%22directory-data%22%3A1529391306%2C%22cart%22%3A1529392350%7D
DNT: 1
Host: mydomain.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
security magento2.2.3 http-header
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
bumped to the homepage by Community♦ yesterday
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
It may be due to double : X-XSS-Protection: 1; mode=block so remove all headers and set again single header only
– Shiv Singh
Aug 28 '18 at 18:56
May i know how did you solve your issue? @lalit mohan
– zus
Sep 8 '18 at 11:23
1
@zus pls check yourNginxorApacheconfiguration for any lines that might be setting this header remove them.
– lalit mohan
Sep 14 '18 at 13:18
add a comment |
2
2
2
1
I don't know what it's means and how to remove this error.
- it's showing in my chrome console . but not in firefox console..
(index):1 Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.
Here's Response header
Cache-Control: max-age=0, must-revalidate, no-cache, no-store
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jun 2018 07:27:16 GMT
Expires: Mon, 19 Jun 2017 07:27:19 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Set-Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/ritz; domain=mydomain.com; HttpOnly
Set-Cookie: form_key=BiFqDSvrvVRBd7jn; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/mydirectory; domain=mydomain.com
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
Request header
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Authorization: Basic dGVzdDptaWRhc0AxMjM=
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; mage-translation-storage=%7B%7D; mage-translation-file-version=%7B%7D; form_key=BiFqDSvrvVRBd7jn; store=default; mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7D; mage-cache-sessid=true; mage-messages=; recently_viewed_product=%7B%7D; recently_viewed_product_previous=%7B%7D; recently_compared_product=%7B%7D; recently_compared_product_previous=%7B%7D; product_data_storage=%7B%7D; private_content_version=fcad1216f3986344d5a56dd2b60c1c29; section_data_ids=%7B%22directory-data%22%3A1529391306%2C%22cart%22%3A1529392350%7D
DNT: 1
Host: mydomain.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
security magento2.2.3 http-header
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
I don't know what it's means and how to remove this error.
- it's showing in my chrome console . but not in firefox console..
(index):1 Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.
Here's Response header
Cache-Control: max-age=0, must-revalidate, no-cache, no-store
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jun 2018 07:27:16 GMT
Expires: Mon, 19 Jun 2017 07:27:19 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Set-Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/ritz; domain=mydomain.com; HttpOnly
Set-Cookie: form_key=BiFqDSvrvVRBd7jn; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/mydirectory; domain=mydomain.com
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
Request header
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Authorization: Basic dGVzdDptaWRhc0AxMjM=
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; mage-translation-storage=%7B%7D; mage-translation-file-version=%7B%7D; form_key=BiFqDSvrvVRBd7jn; store=default; mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7D; mage-cache-sessid=true; mage-messages=; recently_viewed_product=%7B%7D; recently_viewed_product_previous=%7B%7D; recently_compared_product=%7B%7D; recently_compared_product_previous=%7B%7D; product_data_storage=%7B%7D; private_content_version=fcad1216f3986344d5a56dd2b60c1c29; section_data_ids=%7B%22directory-data%22%3A1529391306%2C%22cart%22%3A1529392350%7D
DNT: 1
Host: mydomain.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
security magento2.2.3 http-header
security magento2.2.3 http-header
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
edited Jun 19 '18 at 7:39
lalit mohan
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
asked Jun 19 '18 at 7:20
lalit mohanlalit mohan
712526
712526
bumped to the homepage by Community♦ yesterday
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ yesterday
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
It may be due to double : X-XSS-Protection: 1; mode=block so remove all headers and set again single header only
– Shiv Singh
Aug 28 '18 at 18:56
May i know how did you solve your issue? @lalit mohan
– zus
Sep 8 '18 at 11:23
1
@zus pls check yourNginxorApacheconfiguration for any lines that might be setting this header remove them.
– lalit mohan
Sep 14 '18 at 13:18
add a comment |
It may be due to double : X-XSS-Protection: 1; mode=block so remove all headers and set again single header only
– Shiv Singh
Aug 28 '18 at 18:56
May i know how did you solve your issue? @lalit mohan
– zus
Sep 8 '18 at 11:23
1
@zus pls check yourNginxorApacheconfiguration for any lines that might be setting this header remove them.
– lalit mohan
Sep 14 '18 at 13:18
It may be due to double : X-XSS-Protection: 1; mode=block so remove all headers and set again single header only
– Shiv Singh
Aug 28 '18 at 18:56
It may be due to double : X-XSS-Protection: 1; mode=block so remove all headers and set again single header only
– Shiv Singh
Aug 28 '18 at 18:56
May i know how did you solve your issue? @lalit mohan
– zus
Sep 8 '18 at 11:23
May i know how did you solve your issue? @lalit mohan
– zus
Sep 8 '18 at 11:23
1
1
@zus pls check your
Nginx or Apache configuration for any lines that might be setting this header remove them.– lalit mohan
Sep 14 '18 at 13:18
@zus pls check your
Nginx or Apache configuration for any lines that might be setting this header remove them.– lalit mohan
Sep 14 '18 at 13:18
add a comment |
1 Answer
1
active
oldest
votes
0
Open .htacces in magento 1 root file and find 'X-XSS' you get below line
Header set X-XSS-Protection: "1; mode=block" env=!ie8
assigne '#' befrore this line
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "479"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f230434%2fconsole-showing-error-parsing-header-x-xss-protection-1-mode-block-1-mode-bl%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
Open .htacces in magento 1 root file and find 'X-XSS' you get below line
Header set X-XSS-Protection: "1; mode=block" env=!ie8
assigne '#' befrore this line
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
add a comment |
0
Open .htacces in magento 1 root file and find 'X-XSS' you get below line
Header set X-XSS-Protection: "1; mode=block" env=!ie8
assigne '#' befrore this line
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
add a comment |
0
0
0
Open .htacces in magento 1 root file and find 'X-XSS' you get below line
Header set X-XSS-Protection: "1; mode=block" env=!ie8
assigne '#' befrore this line
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
Open .htacces in magento 1 root file and find 'X-XSS' you get below line
Header set X-XSS-Protection: "1; mode=block" env=!ie8
assigne '#' befrore this line
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
answered Sep 14 '18 at 11:51
AB SaiyadAB Saiyad
494
494
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Magento Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f230434%2fconsole-showing-error-parsing-header-x-xss-protection-1-mode-block-1-mode-bl%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
It may be due to double : X-XSS-Protection: 1; mode=block so remove all headers and set again single header only
– Shiv Singh
Aug 28 '18 at 18:56
May i know how did you solve your issue? @lalit mohan
– zus
Sep 8 '18 at 11:23
1
@zus pls check your
NginxorApacheconfiguration for any lines that might be setting this header remove them.– lalit mohan
Sep 14 '18 at 13:18