-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
1
-
As per X-XSS-Protection:
These protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript ('unsafe-inline').
This header should be removed as part of the implementation of BSERV-14533.
- depends on
-
BSERV-14533 CSP Support for Bitbucket Server
- Gathering Interest