Update x-xss-protection header to disable it (#1010)

2021-05-11 13:34:10 +01:00 · 2021-05-11 13:34:10 +01:00 · eaee8de614
--- a/.utils/deploy.sh
+++ b/.utils/deploy.sh
@ -47,7 +47,7 @@ CSP="\"content-security-policy\": \"default-src 'none'; "\
 "style-src 'self' 'unsafe-inline'\""
 HSTS="\"strict-transport-security\": \"max-age=${ONE_YEAR}; includeSubDomains; preload\""
 TYPE="\"x-content-type-options\": \"nosniff\""
-XSS="\"x-xss-protection\": \"1; mode=block\""
+XSS="\"x-xss-protection\": \"0\""
 XFRAME="\"x-frame-options\": \"SAMEORIGIN\""
 REFERRER="\"referrer-policy\": \"no-referrer-when-downgrade\""
 ACAO="\"Access-Control-Allow-Origin\": \"*\""