Convert the SecurityHeadersInterceptor into a filter that applies to /*

XMLWordPrintable

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current implementation is done in an interceptor(0) it is possible for some resources to be sent without the X-XSS-Protection header.

      (0) SecurityHeadersInterceptor is in the default interceptor stack.

              Assignee:
              David Black
              Reporter:
              David Black
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: