Consider removing X-XSS-Protection header recommendation

Open stuartw1 opened this issue 4 years ago • 0 comments

Recommendations to use X-XSS-Protection are now considered by many to be outdated / harmful. Most browsers now no longer support it. I saw a pentest report with its absence flagged as "Not ok" by this tool and raised as an issue, so thought I would report.

https://portswigger.net/research/abusing-chromes-xss-auditor-to-steal-tokens

https://news.ycombinator.com/item?id=20472947

stuartw1, Oct 29 '20 16:10
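
An added example, not part of the issue and not HandyHeaderHacker's own code: one way a header audit could grade X-XSS-Protection so that an absent header is not reported as a finding. The function names and the verdict labels (`ok`, `info`, `warn`) are assumptions of this sketch, and the sample headers are constructed.

```javascript
// Added example: grade X-XSS-Protection without treating absence as a failure.
// Verdict labels ("ok", "info", "warn") are this sketch's own, not the tool's.

// Case-insensitive lookup; returns every value sent for the header name.
function headerValues(headers, name) {
  const wanted = name.toLowerCase();
  return headers
    .filter(([k]) => k.trim().toLowerCase() === wanted)
    .map(([, v]) => v.trim());
}

// Split "1; mode=block; report=<uri>" into the leading flag and its directives.
function parseXssProtection(value) {
  const [flag, ...rest] = value.split(";").map((p) => p.trim());
  const directives = {};
  for (const part of rest) {
    if (!part) continue;
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    directives[key] = eq === -1 ? "" : part.slice(eq + 1).trim();
  }
  return { flag, directives };
}

function gradeXssProtection(headers) {
  const values = headerValues(headers, "X-XSS-Protection");
  if (values.length === 0) {
    return { verdict: "ok", reason: "header absent; nothing to report" };
  }
  if (values.length > 1) {
    return { verdict: "warn", reason: "header sent more than once" };
  }
  const { flag, directives } = parseXssProtection(values[0]);
  if (flag === "0") {
    return { verdict: "ok", reason: "legacy filter explicitly disabled" };
  }
  if (flag === "1") {
    const mode = directives.mode === "block" ? "block" : "filter";
    return { verdict: "info", reason: `legacy filter requested (${mode} mode); header is deprecated` };
  }
  return { verdict: "warn", reason: `unrecognised value: ${values[0]}` };
}

// Constructed sample responses, as [name, value] pairs.
const sampleAbsent = [["Content-Type", "text/html"]];
const sampleBlock = [["x-xss-protection", "1; mode=block"]];
console.log(gradeXssProtection(sampleAbsent), gradeXssProtection(sampleBlock));
```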