X-XSS-Protection not implemented

Description

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome, and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

Business Impact

The main impact of this finding is exposure to reflected cross-site scripting (XSS) attacks that the browser's built-in filter would otherwise have blocked.

Recommendation

Add the X-XSS-Protection header with a value of “1; mode=block”, so that a browser which detects a reflected XSS attempt blocks the page instead of trying to sanitise it:

X-XSS-Protection: 1; mode=block
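The following Python snippet is an added example, not code from the original page: it shows how a scanner-style check classifies the header value found in a captured response (missing, disabled, filter-only, or block), and how an application can set the recommended value without leaving a duplicate or conflicting header behind. The sample response bytes and the function names are constructed for this illustration.

```python
"""Set and verify the X-XSS-Protection response header (added example)."""

RECOMMENDED_VALUE = "1; mode=block"


def add_xss_protection(headers: dict) -> dict:
    """Return a copy of the response headers with X-XSS-Protection set to
    the recommended value. Header names are matched case-insensitively so an
    existing '0' (disabled) or filter-only value is replaced, not duplicated."""
    out = {k: v for k, v in headers.items() if k.lower() != "x-xss-protection"}
    out["X-XSS-Protection"] = RECOMMENDED_VALUE
    return out


def classify_xss_protection(headers: dict) -> str:
    """Classify the header the way a scanner would report it:
    'missing'  - header absent (the finding on this page)
    'disabled' - value '0', filter explicitly turned off
    'filter'   - value '1' without mode=block (browser sanitises, page still loads)
    'block'    - value '1; mode=block' (recommended)
    'invalid'  - anything else"""
    value = None
    for name, v in headers.items():
        if name.lower() == "x-xss-protection":
            value = v
            break
    if value is None:
        return "missing"
    parts = [p.strip() for p in value.split(";")]
    mode = parts[0]
    if mode == "0":
        return "disabled"
    if mode != "1":
        return "invalid"
    options = {}
    for p in parts[1:]:
        if "=" in p:
            key, _, val = p.partition("=")
            options[key.strip().lower()] = val.strip().lower()
    return "block" if options.get("mode") == "block" else "filter"


def parse_response_headers(raw: bytes) -> dict:
    """Parse the header section of a raw HTTP/1.1 response into a dict.
    Only the status line and headers are read; the body is ignored."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


# Constructed sample: a response captured from a hypothetical server that
# does not send the header, i.e. exactly the finding described above.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Server: example\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

if __name__ == "__main__":
    hdrs = parse_response_headers(SAMPLE_RESPONSE)
    print("before:", classify_xss_protection(hdrs))
    fixed = add_xss_protection(hdrs)
    print("after: ", fixed["X-XSS-Protection"], "->", classify_xss_protection(fixed))
```

Run it as a script to see the response go from "missing" to "block". Only browsers that still ship a reflected-XSS filter act on this header; Chrome and Edge have removed theirs, so treat it as defence in depth and keep Content-Security-Policy and output encoding as the primary controls.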

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
