> Am 18.02.2019 um 23:55 schrieb Gregg Smith <g...@gknw.net>:
>
> When setting a header it used to set the header case-sensitive as configured.
> Now with 2.4.38 it sets in all lower case. Regression?
>
> Header always set X-Xss-Protection "1; mode=block"
> Result;
> 2.4.37: X-Xss-Protection: 1; mode=block
> 2.4.38: x-xss-protection: 1; mode=block
You are not using a HTTP/2 client by any chance?
> If I'm reading the RFC correctly, sensitivity doesn't matter when parsing the
> header but the 2.4 docs show it outputting as configured as 2.4 has been
> prior to .38.
>
> Cheers
>
> G