nginx: Remove legacy X-XSS-Protection header.

Support for this header was removed in Chrome 78, Safari 15.4, and
Edge 17.  It was never supported in Firefox.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg 2022-06-27 15:19:27 -07:00 committed by Tim Abbott
parent 869fe60689
commit ef3510fa6d
2 changed files with 0 additions and 2 deletions


@ -5,4 +5,3 @@ add_header Strict-Transport-Security max-age=15768000 always;
add_header X-Frame-Options DENY always; add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";


@ -7,7 +7,6 @@ content-language: en
strict-transport-security: max-age=15768000 strict-transport-security: max-age=15768000
x-frame-options: DENY x-frame-options: DENY
x-content-type-options: nosniff x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: * access-control-allow-origin: *
access-control-allow-headers: Authorization access-control-allow-headers: Authorization
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, HEAD access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, HEAD