Remove unneeded HTTP X-XSS-Protection Header #25

ojullien · 2021-01-15T14:25:27Z

This protection is largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript ('unsafe-inline').

Read this MDN's article

Signed-off-by: ojullien <ojullien@users.noreply.github.com>

Signed-off-by: ojullien <ojullien@users.noreply.github.com> Co-authored-by: ojullien <ojullien@users.noreply.github.com>

ojullien added enhancement New feature or request Configuration Apache configuration labels Jan 15, 2021

ojullien added this to the v1.3.x milestone Jan 15, 2021

ojullien self-assigned this Jan 15, 2021

ojullien added a commit that referenced this issue Jan 15, 2021

Fixes #25

0fd6539

Signed-off-by: ojullien <ojullien@users.noreply.github.com>

ojullien mentioned this issue Jan 15, 2021

Remove unneeded HTTP X-XSS-Protection Header #26

Merged

ojullien closed this as completed in #26 Jan 15, 2021

ojullien added a commit that referenced this issue Jan 15, 2021

Fixes #25 (#26)

c9b875a

Signed-off-by: ojullien <ojullien@users.noreply.github.com> Co-authored-by: ojullien <ojullien@users.noreply.github.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove unneeded HTTP X-XSS-Protection Header #25

Remove unneeded HTTP X-XSS-Protection Header #25

ojullien commented Jan 15, 2021

Remove unneeded HTTP X-XSS-Protection Header #25

Remove unneeded HTTP X-XSS-Protection Header #25

Comments

ojullien commented Jan 15, 2021