  1. Jira Server and Data Center
  2. JRASERVER-25145

Introduce "X-XSS-Protection" HTTP header

    Details

    • Feedback Policy:
      We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      The application currently does not provide an "X-XSS-Protection" HTTP header. Chrome and Internet Explorer (IE) have a feature to make Reflected XSS vulnerabilities more difficult to exploit. See https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/ for more information about the header for IE.

      Suggestion: Enable IE XSS Filter by adding the following in the Header:

      X-XSS-Protection: 1; mode=block

       

      Notes

      See JRASERVER-25143 on how to disable this.

              People

              Assignee:
              ialexeyenko Ignat Alexeyenko
              Reporter:
              vosipov Vitaly Osipov [Atlassian]
              Votes:
              2
              Watchers:
              6

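A check for the header this issue asks for, added here as an example (not Atlassian's code): it reads a raw HTTP response head and classifies the X-XSS-Protection value against the suggested `1; mode=block`. The function names, the treatment of repeated headers as invalid, and the sample responses are assumptions made for illustration; the `report=` directive is a Chromium extension that the issue does not mention.

```python
# Added example: audit X-XSS-Protection in a raw HTTP response head.
RECOMMENDED = "block"  # state produced by "1; mode=block", the value the issue suggests

def classify_xss_protection(value):
    """Return 'absent', 'disabled', 'sanitize', 'block' or 'invalid'."""
    if value is None:
        return "absent"
    parts = [p.strip().lower() for p in value.split(";")]
    if parts[0] == "0":
        return "disabled"
    if parts[0] != "1":
        return "invalid"
    state = "sanitize"  # bare "1": filter on, page is sanitized rather than blocked
    for directive in parts[1:]:
        name, _, arg = (s.strip() for s in directive.partition("="))
        if name == "mode" and arg == "block":
            state = "block"
        elif name == "report" and arg:
            continue  # Chromium-only reporting directive; not mentioned in the issue
        elif directive:
            return "invalid"  # unknown directive or typo such as mode=bloc
    return state

def audit(response_head):
    """Return (state, meets_recommendation) for one raw response head."""
    values = []
    for line in response_head.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header section
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "x-xss-protection":
            values.append(val.strip())
    if len(values) > 1:
        state = "invalid"  # assumed audit policy: repeated headers are a misconfiguration
    else:
        state = classify_xss_protection(values[0] if values else None)
    return state, state == RECOMMENDED

# Constructed sample responses (not captured from a real Jira instance).
SAMPLES = {
    "suggested": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-XSS-Protection: 1; mode=block\r\n\r\n<html>",
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "disabled": "HTTP/1.1 200 OK\r\nx-xss-protection: 0\r\n\r\n",
    "typo": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=bloc\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, audit(head))
```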