中间件为IIS,网站根目录下找到“web.cofig”文件,没有则新建该文件。复制以下代码,粘贴到web.cofig文件中(新建全部复制,已有复制system.webserver)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-XSS-Protection" value="1;mode=block"/>
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
HTML前端解决方法:
<meta http-equiv="X-XSS-Protection" content="1; mode=block" />