X-XSS-Protection

In this lesson, we'll study how the X-XSS-Protection header can be used to mitigate XSS attacks.

Introduction

Although superseded by CSP, the X-XSS-Protection header provides a similar type of protection. Unsupported by Firefox, this header is used to mitigate XSS attacks in older browsers that don’t fully support CSP.

The syntax is very similar to what we’ve just seen.

X-XSS-Protection: 1; report=http://xssviolations.example.com/collector
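
A header value like the one above can be checked mechanically when auditing responses. The following is an added example, not part of the original lesson: it parses an X-XSS-Protection value and flags problems, and it goes beyond the sample by also handling the `0` and `mode=block` forms of the header. The function name and warning messages are this example's own.

```javascript
// Added example: parse and audit an X-XSS-Protection header value.
// parseXssProtection and its warning strings are hypothetical names for this sketch.
function parseXssProtection(value) {
  const result = { enabled: null, mode: null, report: null, warnings: [] };
  if (typeof value !== 'string' || value.trim() === '') {
    result.warnings.push('header missing or empty');
    return result;
  }
  // The first token is the filter flag (0 or 1); the rest are ';'-separated directives.
  const [flag, ...directives] = value.split(';').map((part) => part.trim());
  if (flag !== '0' && flag !== '1') {
    result.warnings.push(`invalid filter flag: ${JSON.stringify(flag)}`);
    return result;
  }
  result.enabled = flag === '1';
  for (const directive of directives) {
    if (directive === '') continue; // tolerate a trailing ';'
    // Split on the first '=' only, so a report URI with a query string stays intact.
    const eq = directive.indexOf('=');
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    const arg = eq === -1 ? '' : directive.slice(eq + 1).trim();
    if (name === 'mode' && arg.toLowerCase() === 'block') {
      result.mode = 'block';
    } else if (name === 'report' && arg !== '') {
      result.report = arg;
      if (/^http:/i.test(arg)) {
        result.warnings.push('report URI uses plain HTTP; reports travel unencrypted');
      }
    } else {
      result.warnings.push(`unknown directive: ${directive}`);
    }
  }
  if (!result.enabled && (result.mode || result.report)) {
    result.warnings.push('directives have no effect when the filter is disabled (0)');
  }
  return result;
}

// The header from this lesson, then constructed variants for comparison.
const samples = [
  '1; report=http://xssviolations.example.com/collector',
  '1; mode=block',
  '0; mode=block',
];
for (const sample of samples) {
  console.log(sample, '->', JSON.stringify(parseXssProtection(sample)));
}
```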

Trying it out

Reflected XSS is the most ...