Extended Security Settings for Jenkins

Jenkins plugin to configure Extended Security Settings: a set of additional security settings for Jenkins.

Disable Password Autocomplete

This feature is designed to allow overly paranoid security scanners to certify Jenkins. It adds an autocomplete="off" attribute to password inputs on the signup and login pages. Note that modern web browsers generally ignore this attribute, because attempting to prevent password managers from working is inherently insecure: it encourages weak passwords or bad password management practices (like using sticky notes). See Choosing Secure Passwords for more details.

Enable X-XSS-Protection Header

This feature sends the HTTP header X-XSS-Protection: 1; mode=block in response to all requests. Some web browsers treat this header as an instruction to automatically block suspected cross-site scripting attacks. Several web browsers (e.g., Firefox, Edge, and Chrome) do not support this header.
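
To confirm that both settings described above are visible on a login page, a check like the following can be run over a saved response. This is an added example, not code from the plugin; the function and class names are hypothetical, and the sample headers and HTML (including the j_username and j_password field names) are constructed for illustration.

```python
from html.parser import HTMLParser

class PasswordInputs(HTMLParser):
    """Record the autocomplete value of each <input type="password">."""
    def __init__(self):
        super().__init__()
        self.autocomplete = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.autocomplete.append((a.get("autocomplete") or "").strip().lower())

def audit(headers, html):
    """Return findings; an empty list means both settings are visible."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = hdrs.get("x-xss-protection")
    if value is None:
        findings.append("X-XSS-Protection header missing")
    elif [p.strip().lower() for p in value.split(";")] != ["1", "mode=block"]:
        findings.append(f"X-XSS-Protection is {value!r}, expected '1; mode=block'")
    parser = PasswordInputs()
    parser.feed(html)
    if not parser.autocomplete:
        findings.append("no password input found")
    for n, ac in enumerate(parser.autocomplete, 1):
        if ac != "off":
            findings.append(f'password input {n} lacks autocomplete="off"')
    return findings

# Constructed sample responses (not captured from a real Jenkins instance).
ENABLED_HEADERS = {"Content-Type": "text/html", "X-XSS-Protection": "1; mode=block"}
ENABLED_HTML = ('<form><input name="j_username">'
                '<input type="password" name="j_password" autocomplete="off"></form>')
DEFAULT_HEADERS = {"Content-Type": "text/html"}
DEFAULT_HTML = ('<form><input name="j_username">'
                '<input type="password" name="j_password"></form>')

if __name__ == "__main__":
    for label, h, body in (("enabled", ENABLED_HEADERS, ENABLED_HTML),
                           ("default", DEFAULT_HEADERS, DEFAULT_HTML)):
        print(label, audit(h, body) or "ok")
```
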


Check out the wiki page for the changelog.