[Bug 66622] Enabling httpHeaderSecurity includes X-XSS-Protection the protection header which goes against Mozilla recommendations

bugzilla Wed, 31 May 2023 10:14:00 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=66622


--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Given the status and history of that feature I intend to do the following:

- change the default for xssProtectionEnabled to false
- deprecate the feature in 8.5.x to 10.1.x
- remove the feature in 11.0.x

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 66622] Enabling httpHeaderSecurity includes X-XSS-Protection the protection header which goes against Mozilla recommendations

Reply via email to