Web Browser XSS Protection Not Enabled

Deprecated: 2020-02-11

No longer widely supported by browsers.

Type: Passive Scan

Description

Web Browser XSS Protection is not enabled, or is disabled by the configuration of the ‘X-XSS-Protection’ HTTP response header on the web server.

Solution

Ensure that the web browser's XSS filter is enabled, by setting the X-XSS-Protection HTTP response header to ‘1’.
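The check described above can be reproduced offline as a small passive classifier over captured responses. This is an added example, not ZAP's own rule code: the function names, state labels and sample responses are constructed for illustration, and treating conflicting duplicate headers as the worst case is an assumption.

```python
# Added example (not ZAP's scan rule source). All names below are hypothetical.

def header_values(raw_response, name):
    """Return every value of header `name` from the header block only."""
    values = []
    lines = raw_response.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:                 # lines[0] is the status line
        if not line.strip():
            break                          # blank line ends the header block
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            values.append(value.strip())
    return values

def xss_protection_state(raw_response):
    """Classify a response as 'missing', 'disabled', 'invalid' or 'enabled'."""
    values = header_values(raw_response, "X-XSS-Protection")
    if not values:
        return "missing"
    states = set()
    for value in values:
        flag = value.split(";", 1)[0].strip()   # ignore directives after the flag
        states.add({"1": "enabled", "0": "disabled"}.get(flag, "invalid"))
    # Assumption: with conflicting duplicates, report the weakest setting seen.
    for state in ("disabled", "invalid", "enabled"):
        if state in states:
            return state

def should_alert(raw_response):
    """True when the passive check would raise this alert."""
    return xss_protection_state(raw_response) != "enabled"

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "absent": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nX-XSS-Protection: 1",
    "off": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "on": "HTTP/1.1 200 OK\r\nx-xss-protection: 1\r\n\r\n",
    "on_block": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1\r\nX-XSS-Protection: 0\r\n\r\n",
    "garbage": "HTTP/1.1 200 OK\r\nX-XSS-Protection: yes\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(label, xss_protection_state(response), should_alert(response))
```

The "absent" sample carries the header text in the body only, so it is still reported as missing.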

Last updated: 2020-04-30 09:48:11.442Z