Remove unneeded HTTP X-XSS-Protection Header
ojullien opened this issue · 0 comments
ojullien commented
This protection is largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy that disables the use of inline JavaScript ('unsafe-inline').
Read this MDN's article