We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
According to the new OWASP HTTP Header Cheat Sheet, we should remove or disable the X-XSS-Protection header.
X-XSS-Protection
They don't say why, so I made a PR to add some explanation: OWASP/CheatSheetSeries#769
The text was updated successfully, but these errors were encountered:
remove X-XSS-Protection header (#5330)
58ee3f3
* remove X-XSS header, resolves #5328 * remove X-XSS header, resolves #5328 Co-authored-by: Manuel Sommer <[email protected]>
Fixed in dev
dev
Sorry, something went wrong.
Successfully merging a pull request may close this issue.
According to the new OWASP HTTP Header Cheat Sheet, we should remove or disable the
X-XSS-Protection
header.They don't say why, so I made a PR to add some explanation: OWASP/CheatSheetSeries#769
The text was updated successfully, but these errors were encountered: