Bug #21855
Bug #21797: Remove useless headers (closed)
Remove X-XSS-Protection header
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
- OWASP recommends turning it off: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#recommendation_1
- It has been removed from all browsers in 2019 anyway

This may give a false sense of security; better to remove it.