[Docs] remove x-xss-protection-header (#53362)
The x-xss-protection header is a non-standardized HTTP header with low browser-capability. If it is likely to be supported in the future, it can be treated as experimental, but since it is not, it is preferable to remove it.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
https://caniuse.com/mdn-http_headers_x-xss-protection
parent
4a926efb83
commit
d3b0c7bb42
1 changed files with 0 additions and 11 deletions
|
@ -437,17 +437,6 @@ If you're deploying to [Vercel](https://vercel.com/docs/concepts/edge-network/he
|
|||
}
|
||||
```
|
||||
|
||||
### X-XSS-Protection
|
||||
|
||||
This header stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Although this protection is not necessary when sites implement a strong [`Content-Security-Policy`](#content-security-policy) disabling the use of inline JavaScript (`'unsafe-inline'`), it can still provide protection for older web browsers that don't support CSP.
|
||||
|
||||
```js
|
||||
{
|
||||
key: 'X-XSS-Protection',
|
||||
value: '1; mode=block'
|
||||
}
|
||||
```
|
||||
|
||||
### X-Frame-Options
|
||||
|
||||
This header indicates whether the site should be allowed to be displayed within an `iframe`. This can prevent against clickjacking attacks. This header has been superseded by CSP's `frame-ancestors` option, which has better support in modern browsers.
|
||||
|
|
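Review bot: Deleting the whole `### X-XSS-Protection` section leaves no guidance for readers who already copied `value: '1; mode=block'` into their headers config from the earlier text, which told them it "can still provide protection for older web browsers that don't support CSP". Consider keeping a one- or two-sentence note in its place saying that the header is non-standardized (the MDN page linked in the commit message is a suitable reference), that it should not be added to new configs, and that the `Content-Security-Policy` section is the control to rely on. Since this commit touches a single hunk, please also confirm that no other part of the document, such as a combined headers example, still lists `X-XSS-Protection`.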