[Bug 66622] Enabling httpHeaderSecurity includes X-XSS-Protection the protection header which goes against Mozilla recommendations

https://bz.apache.org/bugzilla/show_bug.cgi?id=66622 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

[Bug 66622] Enabling httpHeaderSecurity includes X-XSS-Protection the protection header which goes against Mozilla recommendations

https://bz.apache.org/bugzilla/show_bug.cgi?id=66622 --- Comment #1 from Mark Thomas --- Given the status and history of that feature I intend to do the following: - change the default for xssProtectionEnabled to false - deprecate the feature in 8.5.x to 10.1.x - remove the feature in 11.0.x