X-XSS-Protection not implemented


During the scan, Kayran managed to find that a X-XSS-Protection header is not implemented. The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome, and Safari that stops pages from loading when they potential detect reflected cross-site scripting (XSS) attacks.

The major impact of this violation is that it may lead to Cross Site Scripting (XSS) attacks,
since X-XSS-Protection response header is not implemented.


Add the X-XSS-Protection header with a value of :
“1; mode= block”.
X-XSS-Protection: 1; mode=block




< Return to all Vulnerabilities

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »