Introduce "X-XSS-Protection" HTTP header

XMLWordPrintable

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      The application currently does not provide an "X-XSS-Protection" HTTP header. Chrome and Internet Explorer(IE) have a feature to make Reflected XSS vulnerabilities more difficult to exploit. See https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/ for more information about the header for IE.

      Suggestion: Enable IE XSS Filter by adding the following in the Header:

      X-XSS-Protection: 1; mode=block

       

      Notes

      See JRASERVER-25143 on how to disable this.

              Assignee:
              Ignat (Inactive)
              Reporter:
              VitalyA
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: