Open g-noth opened 1 year ago
According to the OWASP Secure Headers Project, the X-XSS header should be set as X-XSS-Protection: 0 and therefore should not be penalized by the scoring methodology. A counterproposal would be to give more weight to CSP.
Source: https://owasp.org/www-project-secure-headers/#x-xss-protection