ISSUE-40: Look at incorporating X-XSS-Protection functionality into CSP 1.1
X-XSS-Protection
Look at incorporating X-XSS-Protection functionality into CSP 1.1
- State:
- CLOSED
- Product:
- CSP Level 2
- Raised by:
- Brad Hill
- Opened on:
- 2012-11-08
- Description:
- Look at obsoleting X-XSS-Protection header by moving its features into a CSP 1.1 directive, perhaps under the name "reflected-xss-protection" (as CSP provides XSS protection through other mechanisms)
- Related Actions Items:
- No related actions
- Related emails:
- No related emails
Related notes:
This directive, if accepted, MUST be ignored if set through a META tag.
Brad Hill, 8 Nov 2012, 20:30:44Added as part of FPWD.
Brad Hill, 19 Dec 2012, 00:53:23Display change log