Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-25145

Introduce "X-XSS-Protection" HTTP header

    XMLWordPrintable

Details

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

    Description

      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      The application currently does not provide an "X-XSS-Protection" HTTP header. Chrome and Internet Explorer(IE) have a feature to make Reflected XSS vulnerabilities more difficult to exploit. See https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/ for more information about the header for IE.

      Suggestion: Enable IE XSS Filter by adding the following in the Header: 

      X-XSS-Protection: 1; mode=block

      Attachments

        Issue Links

          is related to

          Suggestion - JRASERVER-25145 Introduce "X-XSS-Protection" HTTP header

          • Closed
          relates to

          VPP-2121 Loading...

          Activity

            People

              Unassigned Unassigned
              vosipov VitalyA
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: