X-XSS-Protection Header is Missing

Impact: Informational

Description

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. (Source: Mozilla)

Recommendation

Configure your server to send this header for all pages. See the references for possible values.
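One way to check a captured response for the condition this finding reports, as an added example that is not SmartScanner's own code. The function names and sample responses are constructed for illustration, and the accepted value forms (`0`, `1`, `1; mode=block`, `1; report=<uri>`) are assumed from Mozilla's documentation of the header.

```python
import re

# Value forms assumed from Mozilla's docs: 0 | 1 | 1; mode=block | 1; report=<uri>
_VALUE_RE = re.compile(
    r"^\s*([01])\s*(?:;\s*(mode\s*=\s*block|report\s*=\s*(\S+)))?\s*$", re.I)

def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from the head of a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_xss_protection(raw_response):
    """Classify a response: missing, duplicate, invalid, disabled, filter, block, report."""
    values = [v for n, v in parse_headers(raw_response) if n == "x-xss-protection"]
    if not values:
        return {"status": "missing", "value": None}
    if len(values) > 1:                          # conflicting copies of the header
        return {"status": "duplicate", "value": values}
    m = _VALUE_RE.match(values[0])
    if not m:
        return {"status": "invalid", "value": values[0]}
    if m.group(1) == "0":
        status = "disabled"
    elif m.group(3):
        status = "report"
    elif m.group(2):
        status = "block"
    else:
        status = "filter"
    return {"status": status, "value": values[0], "report_uri": m.group(3)}

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "no_header": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nX-XSS-Protection: 1",
    "block": "HTTP/1.1 200 OK\r\nx-xss-protection: 1; mode=block\r\n\r\n",
    "disabled": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "report": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; report=https://example.test/r\r\n\r\n",
    "garbage": "HTTP/1.1 200 OK\r\nX-XSS-Protection: yes\r\n\r\n",
    "twice": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\nX-XSS-Protection: 1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {audit_xss_protection(raw)['status']}")
```

The `no_header` sample carries the header text only in the body, so it is still reported as missing.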

References

Last updated on February 15, 2021
