X-XSS-Protection not implemented

Home » blog » X-XSS-Protection not implemented

Description

During the scan, Kayran managed to find that a X-XSS-Protection header is not implemented. The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome, and Safari that stops pages from loading when they potential detect reflected cross-site scripting (XSS) attacks.

The major impact of this violation is that it may lead to Cross Site Scripting (XSS) attacks,
since X-XSS-Protection response header is not implemented.

Recommendation

Add the X-XSS-Protection header with a value of :
“1; mode= block”.
X-XSS-Protection: 1; mode=block

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

< Return to all Vulnerabilities

SOC Analysts – The Front line

It is important to know that being vigilant is a very important trait in the field of information security, in this article we will discuss

Models – CIA and AAA

The field of information security is based on a number of basic principles that are important for us. Each principle is part of two main

Hackers hat shop – The many types of hackers

In our world there are many types of people, people that we trust, those who cannot be trusted, liars, suspicious types, amateur and “Noobs” as

Lights, camera, where is the Script? – JavaScript in short

We know HTML is all about editing, CSS is all about designing, what’s left you ask? Well, JavaScript of course! In other words, JS is

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

The average hacker shopping list – the CVE

When i take an X-Rey my doctor sits me down and simply “roast” me with stuff like how un-healthy i am, how i should stop

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?