Description of problem:
Customer is reporting that their pentests are failing (low severity) because the X-XSS-Protection header (to prevent cross-site scripting attacks) is missing on the OpenShift console.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. pentest the console using Kali
Actual results:
X-XSS-Protection header test fails
Expected results:
X-XSS-Protection header test succeeds
What HTTP response specifically is missing this header? Both the 3.11 and 4.1 web consoles do have it set.
This response comes from the API server. Updating the component. The console itself has the header.
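Added check (not part of the bug report and not OpenShift code): the script below does what the question in the comments asks for, it takes each HTTP response individually and reports which security headers that particular response lacks, so the finding can be pinned to the console or the API server rather than "the console". The two raw responses and the hostnames are constructed samples standing in for a console response that carries the header and an API server response that does not; fetch_headers() is the same logic pointed at a live URL. One caveat a pentester should attach to this finding: X-XSS-Protection is a legacy header (Chromium removed its XSS auditor, Firefox never implemented one), so Content-Security-Policy is the header that actually governs script execution today, which is why the check also lists it.

```python
"""List which HTTP responses lack X-XSS-Protection (and related headers).

Added example, not OpenShift or Red Hat code. Hostnames and the two raw
responses below are constructed samples, not captured traffic.
"""
import ssl
import urllib.error
import urllib.request
from email.parser import Parser
from typing import Dict, List, Tuple

# Header the pentest is checking for, plus the headers that matter in current
# browsers (CSP is the effective XSS control; X-XSS-Protection is legacy).
REQUIRED = (
    "X-XSS-Protection",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
)


def parse_raw_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP/1.1 response into (status code, lower-cased header map)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.decode("iso-8859-1").partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    msg = Parser().parsestr(header_block)  # RFC 822 style header parsing
    return status, {name.lower(): value for name, value in msg.items()}


def missing_headers(headers: Dict[str, str], required=REQUIRED) -> List[str]:
    """Return the required header names absent from a lower-cased header map."""
    return [h for h in required if h.lower() not in headers]


def fetch_headers(url: str, verify_tls: bool = True) -> Tuple[int, Dict[str, str]]:
    """Fetch a live URL and return (status, headers) in the same shape as
    parse_raw_response(). Error statuses (401/403 from an API server) are
    kept, since their headers are exactly what the finding is about."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # e.g. a cluster with a self-signed ingress cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}


# Constructed samples: a console-style response that sets the header and an
# API-server-style response that does not. Hostnames are placeholders.
SAMPLE_RESPONSES = {
    "https://console.example.internal/": (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html\r\n"
        b"X-XSS-Protection: 1; mode=block\r\n"
        b"X-Content-Type-Options: nosniff\r\n"
        b"X-Frame-Options: DENY\r\n"
        b"Content-Security-Policy: default-src 'self'\r\n"
        b"\r\n<html>...</html>"
    ),
    "https://api.example.internal:6443/apis": (
        b"HTTP/1.1 403 Forbidden\r\n"
        b"Content-Type: application/json\r\n"
        b"X-Content-Type-Options: nosniff\r\n"
        b"\r\n{\"kind\":\"Status\",\"code\":403}"
    ),
}


def audit(responses: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each URL to the required headers its response lacks.

    An empty list means that response passes the header check."""
    report: Dict[str, List[str]] = {}
    for url, raw in responses.items():
        _, headers = parse_raw_response(raw)
        report[url] = missing_headers(headers)
    return report


if __name__ == "__main__":
    for url, missing in audit(SAMPLE_RESPONSES).items():
        print(f"{url}: missing {', '.join(missing) or 'nothing'}")
```

Against a real cluster, replace the samples with `fetch_headers()` calls for the console URL and for the API server URL the console talks to (the scanner follows XHR and redirects, so the flagged response is often not the page you typed in), and compare the two reports; that separates a console finding from an API server finding the way the second comment does.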