Details
- Suggestion
- Resolution: Won't Fix
Description
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.
The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current implementation is done in an interceptor (0), it is possible for some resources to be sent without the X-XSS-Protection header.
(0) SecurityHeadersInterceptor is in the default interceptor stack.
Issue Links
- is related to
  - CONFSERVER-30356 Convert the SecurityHeadersInterceptor into a filter that applies to /* (Closed)
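
The related issue asks for the header logic to move from an interceptor to a filter that applies to /*. A servlet filter of that kind, as an added example (not Atlassian's code; the class name is hypothetical and the standard javax.servlet API is assumed):

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter, not Confluence code. Registered with a url-pattern
// of "/*", it runs for every request the container dispatches, including
// resources that never pass through the action interceptor stack.
public class XssProtectionHeaderFilter implements Filter {

    private static final String HEADER_NAME = "X-XSS-Protection";
    private static final String HEADER_VALUE = "1; mode=block";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // No configuration required.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            // Set the header before invoking the rest of the chain: once the
            // response has been committed, headers set afterwards are ignored.
            // setHeader (not addHeader) avoids emitting a duplicate header.
            ((HttpServletResponse) response).setHeader(HEADER_NAME, HEADER_VALUE);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

Code further down the chain can still overwrite the header with its own setHeader call, so coverage is best confirmed by requesting a sample of static and dynamic URLs and checking the response headers.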