| author | Adnan Umer <u.adnan@outlook.com> | 2019-08-05 17:23:50 +0500 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-08-05 18:44:08 +0200 |
| commit | c5075360c50b6e681fb3e7d58e6e93ae96662f49 (patch) | |
| tree | 21b2af141e849adfd30dd381ef3ce13965825486 /docs/ref/settings.txt | |
| parent | 05964b2198e53a8d66e34d83d9123e3051720b28 (diff) | |
Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.
Diffstat (limited to 'docs/ref/settings.txt')
| -rw-r--r-- | docs/ref/settings.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 6aed2f862f..1c845b0df1 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -2182,6 +2182,10 @@ Default: ``False`` If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` sets the :ref:`x-xss-protection` header on all responses that do not already have it. +Modern browsers don't honor ``X-XSS-Protection`` HTTP header anymore. Although +the setting offers little practical benefit, you may still want to set the +header if you support older browsers. + .. setting:: SECURE_CONTENT_TYPE_NOSNIFF ``SECURE_CONTENT_TYPE_NOSNIFF`` |
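Review bot: The first added line, "Modern browsers don't honor ``X-XSS-Protection`` HTTP header anymore", is missing an article and should read "don't honor the ``X-XSS-Protection`` HTTP header anymore". The paragraph also leaves "modern" and "older browsers" undefined, so a reader cannot tell from this text whether the setting still matters for the browsers they support. Consider pointing to the :ref:`x-xss-protection` section, which the unchanged context above already links, for that detail.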
