forked from Ponysearch/Ponysearch
[mod] remove X-XSS-Protection headers
Deprecated header not used by browsers nowadays[1]: """In modern browsers, X-XSS-Protection has been deprecated in favor of the Content-Security-Policy to disable the use of inline JavaScript. Its use can introduce XSS vulnerabilities in otherwise safe websites. This should not be used unless you need to support older web browsers that don’t yet support CSP. It is thus recommended to set the header as X-XSS-Protection: 0."""[2] [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection [2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection Closes: https://github.com/searxng/searxng/issues/3171 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
parent
dca78f920f
commit
ab8e5383fb
3 changed files with 0 additions and 3 deletions
|
@ -16,7 +16,6 @@
|
|||
image_proxy: false
|
||||
default_http_headers:
|
||||
X-Content-Type-Options : nosniff
|
||||
X-XSS-Protection : 1; mode=block
|
||||
X-Download-Options : noopen
|
||||
X-Robots-Tag : noindex, nofollow
|
||||
Referrer-Policy : no-referrer
|
||||
|
|
|
@ -88,7 +88,6 @@ server:
|
|||
method: "POST"
|
||||
default_http_headers:
|
||||
X-Content-Type-Options: nosniff
|
||||
X-XSS-Protection: 1; mode=block
|
||||
X-Download-Options: noopen
|
||||
X-Robots-Tag: noindex, nofollow
|
||||
Referrer-Policy: no-referrer
|
||||
|
|
|
@ -19,7 +19,6 @@ server:
|
|||
method: "POST"
|
||||
default_http_headers:
|
||||
X-Content-Type-Options: nosniff
|
||||
X-XSS-Protection: 1; mode=block
|
||||
X-Download-Options: noopen
|
||||
X-Robots-Tag: noindex, nofollow
|
||||
Referrer-Policy: no-referrer
|
||||
|
|
Loading…
Reference in a new issue