Web Browser XSS Protection Not Enabled

18F / pulse

How the federal .gov domain space is doing at best practices and policies.

Other

94 stars 56 forks source link

Closed gbinal closed 7 years ago

gbinal commented 7 years ago

Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server.

This issue has been raised by the automated Compliance Viewer tests.

gbinal commented 7 years ago

Issue has been addressed (I believe in the migration to cloud.gov) and no longer is in the test results.