Page MenuHomePhabricator

Investigate maybe setting X-XSS-Protection header
Open, MediumPublic

Description

Investigate setting X-XSS-Protection header.

Seems like we should figure out if we want it, and if so set to block. If we don't want, we should maybe consider disabling entirely.