Security Headers Cloudflare Worker Part Two

1 Like

You should remove X-XSS-Protection, it’s being deprecated.

I know. However, I do still use it even though I use the CSP directive frame-ancestors 'none'. The reason is this: Until it’s fully, utterly depreciated and I can be sure that X-XSS protection won’t even help people still using IE, I’ll continue using the two in combination. To be clear, I am in agreement with you. I use it and I have it in the CloudFlare Worker code for the sake of “completeness” and the sake of others who may not even use CSP at all (thus depriving their users/visitors of the security frame-ancestors set with the value of 'none'). I definitely appreciate your feedback and the fact that you had a look at the snippet.


~ Ⓐ intr0
Sent using ProtonMail Enterprise

(Attachment publicKey - [email protected] - dc622ac9.asc is missing)