Re: [webappsec] subsume X-XSS-Protection into CSP 1.1?

On Thu, Nov 8, 2012 at 12:01 PM, Hill, Brad <> wrote:
> As I’m here at the IETF, reviewing the websec’s charter statement and
> framework requirements, I note that one of the goals that drove the
> formation of both our WGs was to reduce fragmentation and duplication of
> security features and make it easier for resource owners to author policy
> through a consolidated, extensible mechanism.
> In that spirit, I wonder if another logical directive for CSP 1.1 might be
> to incorporate the features currently provided by “X-XSS-Protection”.  It
> eliminates the need for another X- header, and seems like a logical fit.
> Would there be any interest in this from implementers who currently manage
> XSS filters in their browser?



Received on Thursday, 8 November 2012 20:08:46 UTC