Correcting X-XSS-Protection Header (#136)

* Correcting X-XSS-Protection Header

X-XSS-Protection sets the configuration for the cross-site scripting filters built into most browsers. The best configuration is "X-XSS-Protection: 1; mode=block".

Was "0"
Now "1; mode=block"

* Update issue templates
OhHeyAlan
2019-05-07 19:11:05 -05:00
committed by jc21
parent 9e476e5b24
commit 4fad9d672f
3 changed files with 57 additions and 1 deletions

@ -48,7 +48,7 @@ app.use(function (req, res, next) {
res.set({
'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
'X-XSS-Protection': '0',
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'X-Frame-Options': x_frame_options,
'Cache-Control': 'no-cache, no-store, max-age=0, must-revalidate',
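
Review bot: on the 'X-XSS-Protection' line, the new value '1; mode=block' carries no comment saying why it replaced '0', so a later reader cannot tell whether '0' was a deliberate choice or an oversight; a one-line comment above the entry would record the intent. The header only configures a filter in browsers that implement one (the commit message itself says "most browsers"), and no Content-Security-Policy entry appears in the visible part of this res.set block, so if one is not set elsewhere it is worth adding here rather than relying on the browser filter alone. The commit also bundles an unrelated "Update issue templates" change, which would be easier to review and revert as a separate commit.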