Deprecate Web Browser XSS Protection Not Enabled?

[kingthorin]

See: https://security.stackexchange.com/questions/225415/are-favicon-ico-robots-text-sitemap-xml-vulnerable-to-xss

Per:
https://caniuse.com/#search=X-XSS-Protection
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

---

[psiinon]

Yeah, I noticed that too. I'm good with deprecating it.

[kingthorin]

Ref:

• Addon: pscan release
• Rule: HeaderXssProtectionScanner.java
• PluginID: 10016

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.