X-XSS-Protection is obsolete / deprecated and should be removed
DanielRuf opened this issue
Describe the bug
X-XSS-Protection has been obsolete for a few years now and is not supported by browsers anymore. This header will do nothing and at least caused privacy and security issues in the past.
To Reproduce
Expected behavior
Remove the X-XSS-Protection header.
Additional context
See also:
https://caniuse.com/mdn-http_headers_x-xss-protection
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
Agreed, this should be handled by CSP policy.
🎉 This issue has been resolved in version 1.17.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
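Added example (not code from this project or from the thread's participants): a response-header audit that flags a leftover X-XSS-Protection header and checks that a Content-Security-Policy restricting script sources is in place, which is what the thread proposes relying on instead. The function names, finding labels and sample headers are assumptions constructed for illustration.

```javascript
// Parse a CSP header value into a Map of directive name -> source tokens.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of finding labels (hypothetical names) for one response.
function auditHeaders(headers) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = new Map();
  for (const [k, v] of Object.entries(headers)) h.set(k.toLowerCase(), String(v));

  const findings = [];
  if (h.has('x-xss-protection')) findings.push('obsolete-x-xss-protection');

  const csp = h.get('content-security-policy');
  if (csp === undefined) {
    findings.push('missing-csp');
    return findings;
  }
  // script-src falls back to default-src when it is not set.
  const d = parseCsp(csp);
  const scriptSrc = d.get('script-src') || d.get('default-src');
  if (!scriptSrc) {
    findings.push('csp-no-script-restriction');
    return findings;
  }
  const lower = scriptSrc.map((s) => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is present.
  const inlineIgnored = lower.includes("'strict-dynamic'") ||
    lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (lower.includes("'unsafe-inline'") && !inlineIgnored) findings.push('csp-allows-inline-script');
  return findings;
}

// Constructed sample responses (not taken from the project).
const samples = {
  legacy: { 'X-XSS-Protection': '1; mode=block' },
  hardened: { 'Content-Security-Policy': "default-src 'self'; script-src 'self' 'nonce-r4nd0m'" },
};
for (const [name, hdrs] of Object.entries(samples)) console.log(name, auditHeaders(hdrs));
```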