Merge pull request #40 from igorhrcek/issue-39

feat: Removed obsolete security header

README.md

@@ -23,7 +23,7 @@ wp secure flush
 ```
 
 ### Add Security Headers
-Adds the HSTS, Referrer-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection
+Adds the HSTS, Referrer-Policy, X-Content-Type-Options and X-Frame-Options
 
 You can choose to add all above or only one or more by using `--headers` argument.
 

src/SubCommands/AddSecurityHeaders.php

@@ -14,8 +14,7 @@ public function getTemplateVars() : array {
             'Strict-Transport-Security' => '"max-age=63072000; includeSubDomains; preload"',
             'Referrer-Policy' => 'strict-origin-when-cross-origin',
             'X-Content-Type-Options' => 'nosniff',
-            'X-Frame-Options' => 'SAMEORIGIN',
-            'X-XSS-Protection' => '"1; mode=block"'
+            'X-Frame-Options' => 'SAMEORIGIN'
         ];
 
         $headers = $this->commandArguments['headers'] ?? array_keys($default_headers);

tests/Feature/AddSecurityHeadersTest.php

@@ -25,7 +25,6 @@ public function testItWillContainAllHeadersOnNginx() : void {
         $this->assertNotEmpty($response->getHeaderLine( 'Referrer-Policy' ));
         $this->assertNotEmpty($response->getHeaderLine( 'x-content-type-options' ));
         $this->assertNotEmpty($response->getHeaderLine( 'X-Frame-Options' ));
-        $this->assertNotEmpty($response->getHeaderLine( 'X-XSS-Protection' ));
     }
 
     public function testItWillContainAllHeadersOnApache() : void {
@@ -35,6 +34,5 @@ public function testItWillContainAllHeadersOnApache() : void {
         $this->assertNotEmpty($response->getHeaderLine( 'Referrer-Policy' ));
         $this->assertNotEmpty($response->getHeaderLine( 'x-content-type-options' ));
         $this->assertNotEmpty($response->getHeaderLine( 'X-Frame-Options' ));
-        $this->assertNotEmpty($response->getHeaderLine( 'X-XSS-Protection' ));
     }
 }