searxng/searx
Markus Heiser ab8e5383fb [mod] remove X-XSS-Protection headers
Deprecated header not used by browsers nowadays[1]:

"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-31 17:23:41 +01:00
..
answerers
botdetection Block HeadlessChrome (#3116) 2024-01-17 09:14:36 +01:00
data Update searx.data - update_wikidata_units.py 2024-01-29 14:04:24 +01:00
enginelib
engines [fix] brave.search - update result selectors to fit to new layout 2024-01-31 16:21:56 +01:00
infopage [mod] search-syntax.md: add tutorial about the feeling lucky feature 2023-09-21 15:17:23 +02:00
metrics
network
plugins [mod] isolation of botdetection from the limiter 2023-11-01 06:44:56 +01:00
search [fix] SyntaxWarning: invalid escape sequence '\>' 2024-01-15 18:27:21 +01:00
static [build] /static 2024-01-31 17:22:03 +01:00
templates/simple [fix] justify engines/cached/proxied vertically 2024-01-31 17:22:03 +01:00
translations [translations] update from Weblate 2024-01-29 15:01:37 +01:00
__init__.py [mod] document server:public_instance & remove it out of the botdetection 2023-11-01 06:44:56 +01:00
autocomplete.py [feat] autocompleter: implementation of stract (beta) 2024-01-07 11:18:16 +01:00
babel_extract.py
compat.py
exceptions.py
external_bang.py
external_urls.py
flaskfix.py
limiter.py [mod] document server:public_instance & remove it out of the botdetection 2023-11-01 06:44:56 +01:00
limiter.toml [mod] isolation of botdetection from the limiter 2023-11-01 06:44:56 +01:00
locales.py
preferences.py [mod] add hotkeys option to settings.yml 2023-10-09 18:13:00 +02:00
query.py [feat] implement feeling lucky feature 2023-09-19 09:40:57 +02:00
redisdb.py
redislib.py
results.py [mod] Retain page numbers even when there are no results 2023-11-27 14:07:04 +01:00
searxng.msg
settings.yml [mod] remove X-XSS-Protection headers 2024-01-31 17:23:41 +01:00
settings_defaults.py [mod] add option max_page 2023-12-03 13:47:17 +01:00
settings_loader.py
sxng_locales.py Update searx.data - update_engine_traits.py 2024-01-29 14:02:30 +01:00
unixthreadname.py
utils.py [fix] HTMLParser: undocumented not implemented method 2023-10-22 10:35:02 +02:00
version.py
webadapter.py Revert "[fix] limit maximum page number of a search query to page 50." (#2979) 2023-11-01 16:55:20 +00:00
webapp.py [feat] preferences: button to copy input to restore preferences hash 2024-01-29 18:09:22 +01:00
webutils.py [fix] do highlight replacement at once 2024-01-29 13:15:37 +01:00