X-XSS-Protection not implemented


During the scan, Kayran found that the X-XSS-Protection header is not implemented. The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome, and Safari that stops pages from loading when they detect potential reflected cross-site scripting (XSS) attacks.

The major impact of this violation is that it may lead to Cross-Site Scripting (XSS) attacks, since the X-XSS-Protection response header is not implemented.


Add the X-XSS-Protection header with a value of “1; mode=block”:
X-XSS-Protection: 1; mode=block
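
To confirm the fix is in place, the check below audits a raw HTTP response head for the header and the recommended value. It is an added example, not Kayran's own code; the function names and the sample responses are constructed for illustration.

```python
# Added example: audit a raw HTTP response head for X-XSS-Protection.
# The sample responses below are constructed for illustration.

def parse_value(value):
    """Split '1; mode=block' into ('1', {'mode': 'block'})."""
    parts = [p.strip() for p in value.split(";")]
    directives = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            directives[key.strip().lower()] = val.strip()
    return parts[0], directives

def audit(raw_head):
    """Return 'missing', 'duplicate', 'disabled', 'no-block' or 'ok'."""
    values = []
    for line in raw_head.split("\r\n")[1:]:      # skip the status line
        if not line:                              # blank line ends the head
            break
        name, sep, value = line.partition(":")
        # Header names are case-insensitive.
        if sep and name.strip().lower() == "x-xss-protection":
            values.append(value)
    if not values:
        return "missing"
    if len(values) > 1:
        return "duplicate"   # e.g. set by both app and proxy; copies may disagree
    flag, directives = parse_value(values[0])
    if flag != "1":
        return "disabled"
    if directives.get("mode", "").lower() != "block":
        return "no-block"
    return "ok"

SAMPLES = {
    "no header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "recommended": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n\r\n",
    "lowercase name": "HTTP/1.1 200 OK\r\nx-xss-protection: 1;mode=BLOCK\r\n\r\n",
    "filter off": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "no mode": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\n\r\n",
    "set twice": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n"
                 "X-XSS-Protection: 0\r\n\r\n",
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(f"{label:15} -> {audit(head)}")
```

Only "ok" matches the value recommended above; every other result means the response still needs the header added or corrected.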


