From: https://observatory.mozilla.org/analyze.html?host=support.mozilla.org X-XSS-Protection header not implemented

Lithium Response: X-XSS-Protection header not implemented

oops i meant: Lithium Response: Not supported at this time.

(In reply to Roland Tanglao :rolandtanglao from comment #2) > oops i meant: > > Lithium Response: Not supported at this time. :pmcclard: i guess this means we should close this as "WONTFIX"?

:rolandtanglao: Please leave it open for now.

Update from http://supportcases.lithium.com/50061000009MCTs QUOTE Created By: Kris Stewart (2/24/2017 11:04 AM) [Recipients: Patrick McClard, Scott Riley, Ryan Ausano, Lisa Hern, rtanglao@mozilla.com] I've already submitted the improvement requests for X-XSS-Protection and SRI support and have escalated it to my manager, the Director of Global Support. He'll make it clear to Engineering this is a critical request and we should have an idea of the timeline once Engineering has had a chance to review. END QUOTE Need Info'ing myself to remind me to test this when done

still waiting for an update from Lithium Last update: BEGIN Created By: Kris Stewart (3/27/2017 9:24 AM) [Recipients: Patrick McClard, Scott Riley, Ryan Ausano, Lisa Hern, rtanglao@mozilla.com] Hi Roland, I'm working out the timeline with our engineering folks involved. This is the first time we've enabled CSP without read-only in favor of a whitelist approach, so we're just double checking on our side to ensure no Lithium-required content will be blocked. Working out the ETA and will drop that information once I hear back. Sincerely, Kris END