Jan Stourac created WFLY-12155:
----------------------------------
Summary: Add X-XSS-Protection header to default management config
Key: WFLY-12155
URL: https://issues.jboss.org/browse/WFLY-12155
Project: WildFly
Issue Type: Enhancement
Components: Management
Affects Versions: 16.0.0.Final
Reporter: Jan Stourac
Assignee: Jeff Mesnil
Even though we should probably avoid using non-standardized HTTP headers, since X-FRAME-OPTIONS is already present in management (WFCORE-1463), I propose considering also adding the [X-XSS-PROTECTION|https://developer.mozilla.org/en-US/docs/Web/HTTP/Header...] header to the default configuration of the management too.
The benefit is slightly improved security for customers using Web Console management.
Viable value variants are one of the following two:
{code}
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
{code}