  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17301

X-XSS-Protection is no longer recommended

    Details

      Description

      7.4+: The X-XSS-Protection header and the related system property will be removed from DXP 7.4.
      7.0-7.3: No patch required.


      Enabling the HTTP header `X-XSS-Protection` is no longer recommended. To disable it, set the following in system-ext.properties:

          http.header.secure.x.xss.protection=0
      

      The X-XSS-Protection header has been fully deprecated, and only Safari still supports it. The header also introduces additional security vulnerabilities.
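
A check for the setting above, added here as an example and not part of the Liferay issue or product code: it reads the text of a system-ext.properties file and reports whether the property is explicitly set to 0, ignoring commented-out lines and honouring the last definition. The function names and sample file contents are constructed for illustration.

```python
import re

# Property name taken from this issue; everything else here is illustrative.
PROP = "http.header.secure.x.xss.protection"

def parse_properties(text):
    """Parse the common subset of the Java .properties format:
    '#'/'!' comments, '=', ':' or whitespace separators, last definition wins.
    Values are trimmed; line continuations and escaped separators are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)  # later lines override earlier ones
    return props

def audit_xss_protection(text):
    """Return 'disabled', 'enabled' or 'unset' for the X-XSS-Protection property."""
    props = parse_properties(text)
    if PROP not in props:
        return "unset"  # no override in this file
    return "disabled" if props[PROP] == "0" else "enabled"

# Constructed sample files (not taken from a real installation).
SAMPLE_OK = """\
# hardening overrides
http.header.secure.x.xss.protection=1
http.header.secure.x.xss.protection = 0
"""
SAMPLE_COMMENTED = "#http.header.secure.x.xss.protection=0\n"
SAMPLE_ON = "http.header.secure.x.xss.protection: 1\n"

if __name__ == "__main__":
    samples = [("ok", SAMPLE_OK), ("commented", SAMPLE_COMMENTED), ("on", SAMPLE_ON)]
    for name, text in samples:
        print(name, audit_xss_protection(text))
```

An "unset" result means the file carries no override, so the line from this issue still needs to be added.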

      For more details see:


            People

            Assignee:
            support-ee EE Support
            Reporter:
            EnterpriseReleaseHU Enterprise Release HU
                Packages

                Version Package
                7.0 DE (7.0.10)
                7.1 DXP (7.1.10)
                7.2 DXP (7.2.10)
                7.3 DXP (7.3.10)