[webkit-dev] Intent to Remove: XSS Auditor

Brent Fulgham bfulgham at apple.com
Mon Sep 20 10:49:52 PDT 2021

Hi Folks,

We have continued to ship the XSS Auditor for a number of years after Blink and other engines have abandoned this approach in favor of modern XSS defenses like CSP.

The XSS Auditor was a great idea in its day, but now poses a maintenance burden that far outweighs the small (perhaps nonexistent) benefit it provides.

We intend to remove the XSS Auditor in the coming weeks to better align with the behavior of other browsers.

Please let me know as soon as possible if you have reasons why this would be a significant issue for your port.

Best regards,


More information about the webkit-dev mailing list