remove x-xxs-protection; add X-Content-Type-Options

Swetrix · Jan 31, 2025 · fda11ff · fda11ff
1 parent 13e3a02
commit fda11ff
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 3 deletions.
diff --git a/backend/apps/cloud/src/main.ts b/backend/apps/cloud/src/main.ts
@@ -45,7 +45,7 @@ async function bootstrap() {
     res.header('Referrer-Policy', 'strict-origin-when-cross-origin')
     res.header('X-Frame-Options', 'DENY')
     res.header('X-Powered-By', 'Mountain Dew')
-    res.header('X-XSS-Protection', '1; mode=block')
+    res.header('X-Content-Type-Options', 'nosniff')
     res.header('Access-Control-Allow-Origin', '*')
     res.header('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,PATCH')
     res.header('Access-Control-Allow-Headers', 'Authorization, *')

diff --git a/backend/apps/community/src/main.ts b/backend/apps/community/src/main.ts
@@ -37,7 +37,7 @@ async function bootstrap() {
     res.header('Referrer-Policy', 'strict-origin-when-cross-origin')
     res.header('X-Frame-Options', 'DENY')
     res.header('X-Powered-By', 'Mountain Dew')
-    res.header('X-XSS-Protection', '1; mode=block')
+    res.header('X-Content-Type-Options', 'nosniff')
     res.header('Access-Control-Allow-Origin', '*')
     res.header('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,PATCH')
     res.header('Access-Control-Allow-Headers', 'Authorization, *')

diff --git a/web/app/root.tsx b/web/app/root.tsx
@@ -70,7 +70,6 @@ export const headers: HeadersFunction = () => ({
   'Permissions-Policy': 'interest-cohort=()',
   'Referrer-Policy': 'strict-origin-when-cross-origin',
   'X-Powered-By': 'Mountain Dew',
-  'X-XSS-Protection': '1; mode=block',
   // Theme detection headers (browser hints)
   'Accept-CH': 'Sec-CH-Prefers-Color-Scheme',
   Vary: 'Sec-CH-Prefers-Color-Scheme',