webappsec-ISSUE-40 (X-XSS-Protection): Look at incorporating X-XSS-Protection functionality into CSP 1.1 from Web Application Security Working Group Issue Tracker on 2012-11-08 (public-webappsec@w3.org from November 2012)

From: Web Application Security Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 08 Nov 2012 20:28:03 +0000
To: public-webappsec@w3.org
Message-Id: <E1TWYhn-0005UF-6J@tibor.w3.org>

webappsec-ISSUE-40 (X-XSS-Protection): Look at incorporating X-XSS-Protection functionality into CSP 1.1

http://www.w3.org/2011/webappsec/track/issues/40

Raised by: Brad Hill
On product: 

Look at obsoleting X-XSS-Protection header by moving its features into a CSP 1.1 directive, perhaps under the name "reflected-xss-protection" (as CSP provides XSS protection through other mechanisms)

Received on Thursday, 8 November 2012 20:28:04 UTC