Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-25145

Introduce "X-XSS-Protection" HTTP header


    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      The application currently does not provide an "X-XSS-Protection" HTTP header. Chrome and Internet Explorer(IE) have a feature to make Reflected XSS vulnerabilities more difficult to exploit. See https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/ for more information about the header for IE.

      Suggestion: Enable IE XSS Filter by adding the following in the Header:

      X-XSS-Protection: 1; mode=block



      See JRASERVER-25143 on how to disable this.

            ialexeyenko Ignat (Inactive)
            vosipov VitalyA
            2 Vote for this issue
            6 Start watching this issue