This repository was archived by the owner on Apr 16, 2026. It is now read-only.

Modification of X-XSS Protection best practice configuration #87

@g-noth

According to the OWASP Secure Headers Project, the X-XSS header should be set as X-XSS-Protection: 0 and therefore should not be penalized by the scoring methodology. A counterproposal would be to give more weight to CSP.

Source:
https://owasp.org/www-project-secure-headers/#x-xss-protection
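
A header check that follows the proposal above, added here as an illustration and not taken from the issue or from the project's scoring code. The function names, the finding labels and the choice to leave an absent header unflagged are assumptions.

```python
# Added illustration: names, finding labels and policy choices are assumptions,
# not the project's scoring rules.

def parse_x_xss_protection(value):
    """Return (filter_enabled, directives), or (None, {}) if the value is malformed."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts or parts[0] not in ("0", "1"):
        return None, {}
    directives = {}
    for part in parts[1:]:
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip()
    return parts[0] == "1", directives


def assess(headers):
    """List findings for a response-header dict under the policy proposed in the issue."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    raw = h.get("x-xss-protection")
    if raw is not None:  # assumption: an absent header is not flagged
        enabled, directives = parse_x_xss_protection(raw)
        if enabled is None:
            findings.append("xxp-malformed")
        elif enabled:
            # "1" and "1; mode=block" switch the legacy browser filter on.
            findings.append("xxp-enabled-" + directives.get("mode", "filter"))
        # enabled is False means "X-XSS-Protection: 0": no finding, no penalty.
    if not h.get("content-security-policy", "").strip():
        findings.append("csp-missing")  # the finding the counterproposal would weight more
    return findings


# Constructed sample responses.
SAMPLES = {
    "recommended": {"X-XSS-Protection": "0",
                    "Content-Security-Policy": "default-src 'self'"},
    "legacy": {"x-xss-protection": "1; mode=block"},
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, assess(sample))
```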
