aboutsummaryrefslogtreecommitdiffstats
path: root/apps/settings/lib/SetupChecks/SecurityHeaders.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/settings/lib/SetupChecks/SecurityHeaders.php')
-rw-r--r--apps/settings/lib/SetupChecks/SecurityHeaders.php5
1 files changed, 0 insertions, 5 deletions
diff --git a/apps/settings/lib/SetupChecks/SecurityHeaders.php b/apps/settings/lib/SetupChecks/SecurityHeaders.php
index ed4e56218da..9cc6856a170 100644
--- a/apps/settings/lib/SetupChecks/SecurityHeaders.php
+++ b/apps/settings/lib/SetupChecks/SecurityHeaders.php
@@ -72,11 +72,6 @@ class SecurityHeaders implements ISetupCheck {
}
}
- $xssFields = array_map('trim', explode(';', $response->getHeader('X-XSS-Protection')));
- if (!in_array('1', $xssFields) || !in_array('mode=block', $xssFields)) {
- $msg .= $this->l10n->t('- The `%1$s` HTTP header does not contain `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', ['X-XSS-Protection', '1; mode=block']) . "\n";
- }
-
$referrerPolicy = $response->getHeader('Referrer-Policy');
if (!preg_match('/(no-referrer(-when-downgrade)?|strict-origin(-when-cross-origin)?|same-origin)(,|$)/', $referrerPolicy)) {
$msg .= $this->l10n->t(
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-03 00:35:36 +0000