Skip to content

Commit

Permalink
remove deprecated X-XSS-Protection header
Browse files Browse the repository at this point in the history 
Only legacy browsers are still supporting this header. See
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection#browser_compatibility.
  • Loading branch information
David Christofas committed Oct 21, 2021
1 parent ab163ba commit a1fd243
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion ocis-pkg/middleware/header.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,6 @@ func Secure(next http.Handler) http.Handler {
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-XSS-Protection", "1; mode=block")

if r.TLS != nil {
w.Header().Set("Strict-Transport-Security", "max-age=31536000")
Expand Down

0 comments on commit a1fd243

Please sign in to comment.