From 56be581a98984973e567ae5cccb66d71fb0653cc Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 30 Apr 2018 15:31:05 +0200
Subject: [PATCH] Remove deprecated header
---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index f76bb90ef8f..72a7327a1a1 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1084,7 +1084,7 @@ function top_httphead($contenttype='text/html', $forcenocache=0)
 // Security options
 header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
 header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
- header("X-XSS-Protection: 1"); // Enable XSS protection of some browsers (note: use of Content-Security-Policy is more efficient)
+ //header("X-XSS-Protection: 1"); // XSS protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
 if (! defined('FORCECSP'))
 {
 //if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))
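Review bot: The added `//header("X-XSS-Protection: 1");` line leaves the header behind as commented-out code instead of deleting it or sending an explicit value, so browsers that still ship an XSS filter fall back to their own default rather than a setting the application chose. If the intent is to stop relying on that filter, `header("X-XSS-Protection: 0");` states it explicitly; otherwise drop the line and keep the rationale in the commit message. The comment names Content-Security-Policy as the replacement, but the context lines that follow (`if (! defined('FORCECSP'))` and a commented-out `isset` check) suggest a CSP header may not be sent by default, which is worth confirming before this protection is removed. The body of top_httphead starts and ends outside the hunk, so the rest of that CSP block is not visible here.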