Open sarvaje opened 4 years ago
Do you know what the action would be to remove? Also I believe there are a few open issues about changing the behavior of this hint.
The actions are "Rewrite" and "None". https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/url-rewrite-module-20-configuration-reference#rewrite-action
I have been looking for another way, but I can't find any :(
We should probably add empty string as a valid value then.
If it is not possible to delete in IIS, I think that is a good solution.
🐛 Bug report
Description
The configuration example for IIS only rewrite the value of the header to an empty string, but the header is still there and the Hint is still complaining.
I'm trying to delete the header X-XSS-Protection for elements that are not HTML.
The configuration suggested in the documentation is:
Environment
webhint
configurationwebhint’s configuration
Categories: * [x] Accessibility * [x] Compatibility * [x] Performance * [x] Pitfalls * [x] PWA * [x] Security Your target browsers: * [x] Recommended settings * [ ] Custom: Ignored resources: * [x] None * [ ] Different origin * [ ] Custom: Minimum hint severity * [] Error * [x] Warning * [ ] Hint * [ ] InformationDebug output
Please include the content of the
Error details
section if an error message was displayed.webhint’s Error details
```text Response should not include unneeded 'x-xss-protection' header. ```