From 491ef10392a84426af6a6dd88305f9167d7fb06a Mon Sep 17 00:00:00 2001
From: Arya Kiran
Date: Sun, 21 Apr 2024 14:26:11 +0530
Subject: [PATCH] remove deprecated XSS-Protection
---
 privfrontends/templates/Caddyfile.j2 | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/privfrontends/templates/Caddyfile.j2 b/privfrontends/templates/Caddyfile.j2
index 51951bf..7415670 100644
--- a/privfrontends/templates/Caddyfile.j2
+++ b/privfrontends/templates/Caddyfile.j2
@@ -6,7 +6,6 @@
 header {
 -Strict-Transport-Security
 -Referrer-Policy
- -X-XSS-Protection
 -Content-Security-Policy
 # disable clients from sniffing the media type
 X-Content-Type-Options nosniff
@@ -44,7 +43,6 @@
 # clickjacking protection
 X-Frame-Options SAMEORIGIN
- X-XSS-Protection "1; mode=block"
 defer
 }
@@ -224,8 +222,6 @@ search.{{ server_prefix }}.projectsegfau.lt search.projectsegfau.lt s.psf.lt s.{
 header {
 # Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
 Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
- # Enable cross-site filter (XSS) and tell browser to block detected attacks
- X-XSS-Protection "1; mode=block"
 # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
 X-Content-Type-Options "nosniff"
 # Disable some features
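Review bot: In the first hunk (`@@ -6,7 +6,6 @@`), dropping the strip line `-X-XSS-Protection` means an `X-XSS-Protection` value sent by a proxied frontend is no longer removed and will reach the browser unchanged. That line sits beside the ones that strip `Strict-Transport-Security`, `Referrer-Policy` and `Content-Security-Policy`; the block continues past this hunk, so reading it as the one that normalises upstream response headers is an inference. If it is, a backend that still emits the header (for example `1` without `mode=block`) would re-enable the legacy filter in older browsers, which is the behaviour the deprecation is meant to avoid. I would keep `-X-XSS-Protection` here and remove only the two `X-XSS-Protection "1; mode=block"` setters in the `@@ -44,7 +43,6 @@` and `@@ -224,8 +222,6 @@` hunks, so no response carries the header whatever the upstream sends.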