ISSUE-40: Look at incorporating X-XSS-Protection functionality into CSP 1.1

X-XSS-Protection

Look at incorporating X-XSS-Protection functionality into CSP 1.1

State:
CLOSED
Product:
CSP Level 2
Raised by:
Brad Hill
Opened on:
2012-11-08
Description:
Look at obsoleting X-XSS-Protection header by moving its features into a CSP 1.1 directive, perhaps under the name "reflected-xss-protection" (as CSP provides XSS protection through other mechanisms)
Related Actions Items:
No related actions
Related emails:
No related emails

Related notes:

This directive, if accepted, MUST be ignored if set through a META tag.

Brad Hill, 8 Nov 2012, 20:30:44

Added as part of FPWD.

Brad Hill, 19 Dec 2012, 00:53:23

Display change log ATOM feed

Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 40.html,v 1.1 2020/01/17 08:52:32 carcone Exp $