X-XSS-Protection header should be absent or set to 0 #5328

Closed
valentijnscholten opened this issue Oct 23, 2021 · 1 comment · Fixed by #5330
@valentijnscholten
Member

According to the new OWASP HTTP Header Cheat Sheet, we should remove or disable the X-XSS-Protection header.

They don't say why, so I made a PR to add some explanation: OWASP/CheatSheetSeries#769

damiencarol pushed a commit that referenced this issue Oct 25, 2021
* remove X-XSS header, resolves #5328

Co-authored-by: Manuel Sommer <[email protected]>
@damiencarol damiencarol linked a pull request Oct 25, 2021 that will close this issue
@damiencarol
Contributor

Fixed in dev
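
An added example, not part of the issue thread or the project's code: a check that a raw HTTP response meets the rule in the issue title (header absent or set to 0), including repeated and comma-folded headers. The function names and the sample responses are constructed for illustration.

```python
# Constructed sample responses (not captured from any real server).
SAMPLES = {
    "absent": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "disabled": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "block": "HTTP/1.1 200 OK\r\nx-xss-protection: 1; mode=block\r\n\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\nX-Xss-Protection: 1\r\n\r\n",
}


def xss_protection_values(raw_response):
    """Return every X-XSS-Protection value in the header block, in order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive.
        if sep and name.strip().lower() == "x-xss-protection":
            # An intermediary may fold repeated headers into one
            # comma-separated line, so split on commas as well.
            values.extend(v.strip() for v in value.split(","))
    return values


def check_xss_protection(raw_response):
    """Return (ok, reason); ok only if the header is absent or every value is 0."""
    values = xss_protection_values(raw_response)
    if not values:
        return True, "header absent"
    # The setting is the token before any ';' parameter such as mode=block.
    bad = [v for v in values if v.split(";", 1)[0].strip() != "0"]
    if bad:
        return False, "enabled or malformed: " + ", ".join(repr(v) for v in bad)
    return True, "header set to 0"


if __name__ == "__main__":
    for label, response in SAMPLES.items():
        ok, reason = check_xss_protection(response)
        print(f"{label:9} {'PASS' if ok else 'FAIL'}  {reason}")
```
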
