Permanent headers

The permanent headers are always used and sent in the response by the Grid.

X-XSS-Protection

The HTTP X-XSS-Protection response header is a feature of certain browsers (Microsoft Edge, Google Chrome, and Safari) that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. The Grid sends this header with the value "1", which means that protection is enabled and that unsafe parts of the page should be filtered out.

To learn about X-XSS-Protection, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

X-Content-Type-Options

The X-Content-Type-Options header is used by the web server to indicate that the MIME types specified in the Content-Type headers should not be changed. This allows the Grid to opt out of MIME type sniffing. It is a way for webmasters to block content sniffing that could transform non-executable MIME types into executable MIME types.

To learn about X-Content-Type-Options, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
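
A check for both permanent headers on a captured response head, as an added example that is not part of the Grid or its documentation. The function names, the sample response and the expected "nosniff" value are assumptions: the page does not state the value the Grid sends for X-Content-Type-Options, and "nosniff" is the only value defined for that header.

```python
from email.parser import Parser  # stdlib parser for "Name: value" header blocks

# Constructed sample response head; not captured from a real Grid.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "x-xss-protection: 1\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)

EXPECTED = {
    "X-XSS-Protection": "1",              # value stated on the page
    "X-Content-Type-Options": "nosniff",  # assumption: only defined value
}


def parse_headers(raw):
    """Drop the status line and return a case-insensitive header mapping."""
    _, _, header_block = raw.partition("\r\n")
    return Parser().parsestr(header_block, headersonly=True)


def check_permanent_headers(raw):
    """Return a list of findings; an empty list means both headers are as expected."""
    msg = parse_headers(raw)
    findings = []
    for name, want in EXPECTED.items():
        values = msg.get_all(name) or []
        if not values:
            # Often a sign that a proxy or custom handler dropped the header.
            findings.append(f"{name}: missing")
        elif len(values) > 1:
            # Repeated headers are merged by clients and may no longer parse.
            findings.append(f"{name}: sent {len(values)} times")
        else:
            got = values[0].strip().lower()
            # Exact match: "0" or "1; mode=block" is reported as a deviation
            # from the documented value rather than silently accepted.
            if got != want:
                findings.append(f"{name}: expected {want!r}, got {got!r}")
    return findings


if __name__ == "__main__":
    print(check_permanent_headers(SAMPLE) or "both permanent headers as expected")
```

Header names are matched case-insensitively, so the lowercase "x-xss-protection" in the sample is accepted.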