Details
- Suggestion
- Resolution: Won't Fix
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current implementation is done in an interceptor (0), it is possible for some resources to be sent without the X-XSS-Protection header.
(0) SecurityHeadersInterceptor is in the default interceptor stack.
Issue Links
- relates to: CONFCLOUD-30356 Convert the SecurityHeadersInterceptor into a filter that applies to /* (Closed)
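The filter-based approach named in the linked issue could look like the sketch below. This is an added example, not Confluence's own code: the class name `XssProtectionHeaderFilter`, the filter name and the `javax.servlet` API generation are assumptions. A servlet filter mapped to `/*` runs for every request the container dispatches to that pattern, not only for requests that pass through the interceptor stack.

```java
// Added example: hypothetical filter, not part of Confluence.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class XssProtectionHeaderFilter implements Filter {
    private static final String HEADER = "X-XSS-Protection";
    private static final String VALUE = "1; mode=block"; // value requested in the issue

    @Override
    public void init(FilterConfig filterConfig) {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            // Set the header before the rest of the chain runs: once a response
            // is committed, the container ignores later header changes.
            ((HttpServletResponse) response).setHeader(HEADER, VALUE);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}

// web.xml entries (assumed names) that apply the filter to every path:
//   <filter>
//     <filter-name>xssProtectionHeader</filter-name>
//     <filter-class>XssProtectionHeaderFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>xssProtectionHeader</filter-name>
//     <url-pattern>/*</url-pattern>
//   </filter-mapping>
```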