Loading...

XML

Word

Printable

Type: Suggestion
Resolution: Fixed
Fix Version/s: 7.6.0
Component/s: Infrastructure & Services - Application Lifecycle
Labels:

Fixed in Long Term Support Release/s:

Download 7.6
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

The application currently does not provide an "X-XSS-Protection" HTTP header. Chrome and Internet Explorer(IE) have a feature to make Reflected XSS vulnerabilities more difficult to exploit. See https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/ for more information about the header for IE.

Suggestion: Enable IE XSS Filter by adding the following in the Header:

X-XSS-Protection: 1; mode=block

Notes

See ~~JRASERVER-25143~~ on how to disable this.

is related to

JRASERVER-25143 Enable X-FRAME-Options header to implement clickjacking protection

Closed

relates to

JRACLOUD-25145 Introduce "X-XSS-Protection" HTTP header

Closed

Assignee:: Ignat (Inactive)

Reporter:: VitalyA

Votes:: 2 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 22/Jul/2011 4:54 AM

Updated:: 22/May/2020 8:23 AM

Resolved:: 16/Nov/2017 11:42 AM