X-XSS-Protection vulnerability on old IE

On old versions of Internet Explorer, `X-XSS-Protection: 1; mode=block` creates a vulnerability (see [here](http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/) and [here](http://technet.microsoft.com/en-us/security/bulletin/MS10-002)), and so the header is should be set to `0` to mitigate that vulnerability.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

X-XSS-Protection vulnerability on old IE #1770

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

X-XSS-Protection vulnerability on old IE #1770

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions