Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-25145

Introduce "X-XSS-Protection" HTTP header

    XMLWordPrintable

Details

    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      The application currently does not provide an "X-XSS-Protection" HTTP header. Chrome and Internet Explorer(IE) have a feature to make Reflected XSS vulnerabilities more difficult to exploit. See https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/ for more information about the header for IE.

      Suggestion: Enable IE XSS Filter by adding the following in the Header:

      X-XSS-Protection: 1; mode=block

       

      Notes

      See JRASERVER-25143 on how to disable this.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-25143 Enable X-FRAME-Options header to implement clickjacking protection

          • Highest - Our top priority issues
          • Closed
          relates to

          Suggestion - JRACLOUD-25145 Introduce "X-XSS-Protection" HTTP header

          • Closed

          Activity

            People

              ialexeyenko Ignat (Inactive)
              vosipov VitalyA
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: