NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
The application currently does not provide an "X-XSS-Protection" HTTP header. Chrome and Internet Explorer(IE) have a feature to make Reflected XSS vulnerabilities more difficult to exploit. See https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/ for more information about the header for IE.
Suggestion: Enable IE XSS Filter by adding the following in the Header:
X-XSS-Protection: 1; mode=block
- is related to
JRASERVER-25145 Introduce "X-XSS-Protection" HTTP header
- relates to