About Login Register Links People Trending Discover
Mark Dain Interesting article, perhaps we ought to be using X-XSS-Protection: 0 instead to avoid browser bugs blog.innerht.ml/th... ?
6y, 9w 3 replies ¬
Login or register your account to reply
Martijn I must have missed something, when do I need X-XSS-Protection? Shouldn't I just be using CSP to define exactly what resources are allowed to load?
6y, 9w 2 replies
Mark Dain Funny you should say that, it's almost exactly what MDN says; developer.mozilla.... that it's a legacy header. What I found interesting was with a strong CSP implementation, disabling the XSS filter/auditor may actually improve security
6y, 9w 1 reply