Description
The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome, and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Business Impact
The major impact of this violation is cross-site scripting attacks.
Recommendation
Add the X-XSS-Protection header with a value of “1; mode=block”:
X-XSS-Protection: 1; mode=block
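An added example, not part of the original finding: a Python check that reads a raw response header block and reports whether X-XSS-Protection carries the recommended value. The function names, status labels and sample responses are constructed for illustration, and the strict matching and duplicate handling are choices of this example.

```python
import re

RECOMMENDED = ("1", "block")  # the "1; mode=block" value recommended above


def parse_xxp(value):
    """Split an X-XSS-Protection value into (flag, mode); mode is None if absent."""
    parts = [p.strip() for p in value.split(";")]
    mode = None
    for p in parts[1:]:
        # Strict match: no spaces around '=' (this example's choice).
        m = re.fullmatch(r"mode=(\S+)", p, re.IGNORECASE)
        if m:
            mode = m.group(1).lower()
    return parts[0], mode


def audit(raw_headers):
    """Return (status, detail) for a raw HTTP response header block."""
    values = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive.
        if sep and name.strip().lower() == "x-xss-protection":
            values.append(value.strip())
    if not values:
        return "missing", "header not sent"
    if len(values) > 1:
        # Conflicting copies are flagged for review rather than merged.
        return "duplicate", "header sent %d times: %r" % (len(values), values)
    if parse_xxp(values[0]) == RECOMMENDED:
        return "ok", values[0]
    return "weak", "got %r, expected '1; mode=block'" % values[0]


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "good": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-xss-protection: 1; mode=block\r\n",
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
    "disabled": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n",
    "no_mode": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\n",
    "twice": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\nX-XSS-Protection: 1; mode=block\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit(raw))
```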
Reference
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection