X-XSS-Protection not implemented

Home » Blog » X-XSS-Protection not implemented

Description

During the scan, Kayran managed to find that a X-XSS-Protection header is not implemented. The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome, and Safari that stops pages from loading when they potential detect reflected cross-site scripting (XSS) attacks.

The major impact of this violation is that it may lead to Cross Site Scripting (XSS) attacks,
since X-XSS-Protection response header is not implemented.

Recommendation

Add the X-XSS-Protection header with a value of :
“1; mode= block”.
X-XSS-Protection: 1; mode=block

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

https://cwe.mitre.org/data/definitions/16.html

< Return to all Vulnerabilities

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

SOC Analysts – The Front line

It is important to know that being vigilant is a very important trait in the field of information security, in this article we will discuss

Playing Online? Dangers that exist in Online Games

Browser Games? Is it Safe to be Playing Online? What are Dangers that exist in Online Games? Is it better to download and play software

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing

Models – CIA and AAA

The field of information security is based on a number of basic principles that are important for us. Each principle is part of two main

The Risks in Web Applications and other scary things…

There are couple of things regarding Risks in Web-Based Applications that you should know, let’s talk about them. When crossing the street, we look at

WEB APPLICATION VULNERABILITY SCANNER