Vulnerabilities/

X-XSS-Protection Header is Missing

Severity:
Informational

Description

This issue has been retired in favour of X-XSS-Protection Header is Set

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Mozilla

Recommendation

Configure your server to send this header for all pages. You can see references for possible values.

References

Related Issues

Tags:
HTTP Headers
Cross Site Scripting (XSS)
Application Misconfiguration
Anything's wrong? Let us know Last updated on May 13, 2024

Order SmartScanner Professional version

See Pricing

We use cookies to enhance quality of our services and to analyze traffic. Read our privacy policy.