Posted to dev@tomcat.apache.org by bu...@apache.org on 2023/05/31 17:13:56 UTC

[Bug 66622] Enabling httpHeaderSecurity includes X-XSS-Protection the protection header which goes against Mozilla recommendations

https://bz.apache.org/bugzilla/show_bug.cgi?id=66622

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Given the status and history of that feature I intend to do the following:

- change the default for xssProtectionEnabled to false
- deprecate the feature in 8.5.x to 10.1.x
- remove the feature in 11.0.x

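
On a Tomcat release where xssProtectionEnabled still defaults to true, the header can be turned off explicitly in the filter definition. The fragment below is an added example, not part of the original message; the filter name and the /* mapping are assumptions, and the other filter parameters are left at their defaults.

```xml
<!-- web.xml fragment (added example): HttpHeaderSecurityFilter with the
     X-XSS-Protection header switched off explicitly. -->
<filter>
    <!-- filter-name is an assumption; any name works if the mapping matches -->
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <!-- Stop the filter from adding X-XSS-Protection to responses -->
        <param-name>xssProtectionEnabled</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <!-- url-pattern is an assumption: apply the filter to every request -->
    <url-pattern>/*</url-pattern>
</filter-mapping>
```

Once the parameter is removed in 11.0.x as planned above, the init-param should be deleted when upgrading.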