1
0
mirror of https://github.com/searxng/searxng.git synced 2024-11-14 00:30:15 +01:00
searxng/docs/admin
Markus Heiser ab8e5383fb [mod] remove X-XSS-Protection headers
Deprecated header not used by browsers nowadays[1]:

"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-31 17:23:41 +01:00
..
answer-captcha [doc] answer CAPTCHA from server's IP 2023-05-22 10:46:10 +02:00
settings [mod] remove X-XSS-Protection headers 2024-01-31 17:23:41 +01:00
answer-captcha.rst [doc] answer CAPTCHA from server's IP 2023-05-22 10:46:10 +02:00
api.rst [mod] settings.yml: remove plugin settings for plugins that don't exist anymore 2023-09-29 11:26:49 +02:00
arch_public.dot [doc] update documentation of the installation procedures 2022-07-30 13:39:35 +02:00
architecture.rst [docs] corrections from @tiekoetter's review 2022-07-30 13:39:35 +02:00
buildhosts.rst [fix] typos in documentation & messages 2023-08-13 08:50:29 +02:00
index.rst [mod] isolation of botdetection from the limiter 2023-11-01 06:44:56 +01:00
installation-apache.rst [fix] spelling 2023-09-18 16:20:27 +02:00
installation-docker.rst Docker: add UWSGI_WORKERS and UWSGI_THREAD environment variables (#2992) 2023-11-12 16:46:34 +00:00
installation-nginx.rst [doc] rearranges Settings & Engines docs for better readability 2023-07-01 22:45:19 +02:00
installation-scripts.rst [fix] typos/grammar in docs 2023-04-21 06:51:44 +02:00
installation-searxng.rst [fix] typos in documentation & messages 2023-08-13 08:50:29 +02:00
installation-uwsgi.rst [doc] rearranges Settings & Engines docs for better readability 2023-07-01 22:45:19 +02:00
installation.rst [fix] typos/grammar in docs 2023-04-21 06:51:44 +02:00
plugins.rst [mod] documentation: change the jinja context doesn't depend on searx.webapp 2020-12-27 10:00:35 +01:00
searx.limiter.rst [mod] isolation of botdetection from the limiter 2023-11-01 06:44:56 +01:00
update-searxng.rst [fix] typos in documentation & messages 2023-08-13 08:50:29 +02:00