Actions
Bug #21855
closed
Bug #21797: Remove useless headers
Remove X-XSS-Protection header
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
- OWASP recommends to turn it off https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#recommendation_1
- It has been removed from all browsers in 2019 anyway
This may give a false sense of security, better remove it.
Updated by Alexis Mousset about 2 years ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset about 2 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/4513
Updated by Alexis Mousset about 2 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|859d6d8143fb3b258488ae8ed32eb3cca032a444.
Updated by Vincent MEMBRÉ almost 2 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.3.0~beta1 which was released today.
Actions