X-XSS-PROTECTION HEADER DISABLED

Feature      Value
Type         Detection
Risk         -
Covered by   Agent

Application has disabled XSS protection by sending an insecure header value.

More information

How to solve it

Send one of the following values:

    X-XSS-Protection: 1

Filter enabled. If a cross-site scripting attack is detected, the browser will sanitize the page in order to stop the attack.

    X-XSS-Protection: 1; mode=block

Filter enabled. Rather than sanitizing the page, when an XSS attack is detected the browser will prevent rendering of the page.

    X-XSS-Protection: 1; report=http://[YOURDOMAIN]/your_report_URI

Filter enabled. The browser will sanitize the page and report the violation. This is a Chromium function utilizing CSP violation reports to send details to a URI of your choice.
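The check behind this finding can be reproduced offline. The following is an added example (not part of this rule page or the agent's own code) that classifies the X-XSS-Protection value of a captured response, distinguishing the insecure "0" value from the three accepted forms above; the function names and the sample responses are constructed for illustration.

```python
# Added example: classify the X-XSS-Protection header the way this finding does.
# Names (classify_xss_protection, check_response_headers, audit) and the
# SAMPLE_RESPONSES data are constructed for illustration, not taken from any product.
from typing import Optional


def classify_xss_protection(value: Optional[str]) -> str:
    """Return 'missing', 'disabled', 'sanitize', 'block', 'report' or 'invalid'."""
    if value is None:
        return "missing"
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "invalid"
    flag, directives = parts[0], parts[1:]
    if flag == "0" and not directives:
        return "disabled"  # the insecure value this finding reports
    if flag != "1":
        return "invalid"
    mode, report = None, None
    for directive in directives:
        name, _, val = directive.partition("=")
        name, val = name.strip().lower(), val.strip()
        if name == "mode" and val.lower() == "block" and mode is None:
            mode = "block"  # "1; mode=block": refuse to render the page
        elif name == "report" and val and report is None:
            report = val    # "1; report=<uri>": sanitize and send a CSP-style report
        else:
            return "invalid"
    if mode == "block":
        return "block"
    if report:
        return "report"
    return "sanitize"       # bare "1": sanitize the page


def check_response_headers(headers: dict) -> str:
    """Case-insensitive lookup of X-XSS-Protection in a response header dict."""
    for name, value in headers.items():
        if name.lower() == "x-xss-protection":
            return classify_xss_protection(value)
    return "missing"


# Constructed sample header sets, one per application under review.
SAMPLE_RESPONSES = {
    "legacy-app": {"Content-Type": "text/html", "X-XSS-Protection": "0"},
    "blocking-app": {"x-xss-protection": "1; mode=block"},
    "no-header-app": {"Content-Type": "text/html"},
}


def audit(samples: dict) -> dict:
    """Map each sample name to its classification; 'disabled' is what this rule flags."""
    return {name: check_response_headers(h) for name, h in samples.items()}
```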