在响应X-XSS-protection响应标头中读取标头的值

Question

I am implementing a filter to set

httpServletResponse.setHeader("X-XSS-Protection", "1; mode=block");

I have written the filter. I want to check if its working perfect or not.

I thought to read the header from response object. But I don't know how to do that.

Can any one tell how to do it.

Or if there is abetter way of doing it, let me know.

Edit

Updating the code

public void doFilter(final ServletRequest req, final ServletResponse res, final FilterChain filterChain)
            throws IOException, ServletException 
            {   

        final HttpServletResponse response = (HttpServletResponse) res;
        final HttpServletRequest request = (HttpServletRequest) req;

        //set  X-XSS-protection in http header, other http headers can be added in same way
        String value = enable ? "1" : "0";  

        if(block) 
        {
            value += "; mode=block";
        }    

        PrintWriter out = response.getWriter();
        out.println("ready to set xss");
        response.setHeader("X-XSS-protection", value);
        out.println("<br/><br/>Xss has been set");          
        filterChain.doFilter(req, res);
        out.println("<br/><br/>XSS"+request.getHeader("X-XSS-protection"));     

        out.println("<br/><br/>job done");
    }

I am getting "XSSnull"

Please help me how do I correct it.

Thanks in advance.

Answer 1

You can get and read the response reader like this

request.getHeader("name of the header");

I am guessing in your case you are aiming for something like this

request.getHeader("X-XSS-Protection");

EDIT

for more clarification, you can think of a little analogy of Request and Response.

• Request - What you are sending.

• Response - What you are receiving

for more information about Request and Response please refer to this guide, if will containt all the information you need about Request and Response headers. Go specifically to 'Handling Http Response Headers'