Mailu generating two x-xss-protection headers

This is rather surprising, I would think nginx was overwriting things. Will check if this has any impact and if it can be mitigated easily.

I can confirm the behavior (rainloop webmail).
@kaiyou Is it possible to hide the "x-powered-by" header at the same time?

I have the same issue, running mailu 1.7 with rainloop as the webmail interface. I thought that nginx would strip/overwrite these headers?

Hi There,

The Mailu-Project is currently in a bit of a bind! We are short on man-power, and we need to judge if it is possible for us to put in some work on this issue.

To help with that, we are currently trying to find out which issues are actively keeping users from using Mailu, which issues have someone who want to work on them — and which issues may be less important. These a less important ones could be discarded for the time being, until the project is in a more stable and regular state once again.

In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the :smiley: icon to the top-right).

• 👍️ if you need this to be able to use Mailu. Ideally, you’d also be able to test this on your installation, and provide feedback …
• 🎉 if you find it a nice bonus, but no deal-breaker
• 🚀 if you want to work on it yourself!
  We want to keep this voting open for 2 weeks from now, so please help out!

This should be good to do and issue closed :+1:

Closing since fixed by PR #1181 . Thank you for creating the PR and reporting the issue.