X-XSS-Protection
In this lesson, we'll study how the X-XSS-Protection header can be used to mitigate XSS attacks.
Introduction
Although superseded by CSP, the X-XSS-Protection header provides a similar type of protection. Unsupported by Firefox, this header is used to mitigate XSS attacks in older browsers that don’t fully support CSP.
The syntax is very similar to what we’ve just seen.
X-XSS-Protection: 1; report=http://xssviolations.example.com/collector
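How a browser that still honours the header would read a value like the one above, as an added example that is not part of the original lesson. The function name parseXssProtection is hypothetical, the `0` and `mode=block` forms are standard values of this header that the lesson does not show, and the HTTPS check on the report endpoint is an added hygiene check, not browser behaviour.

```javascript
// Added example: parse an X-XSS-Protection value into its toggle and directives.
// parseXssProtection is a hypothetical helper; sample inputs are constructed.
function parseXssProtection(value) {
  const parts = String(value).split(';').map((p) => p.trim()).filter(Boolean);
  const result = { enabled: null, block: false, reportUri: null, warnings: [] };
  if (parts.length === 0) {
    result.warnings.push('empty header value');
    return result;
  }

  // The first token switches the filter off (0) or on (1).
  const flag = parts.shift();
  if (flag === '0') result.enabled = false;
  else if (flag === '1') result.enabled = true;
  else result.warnings.push(`unrecognised toggle "${flag}"`);

  // Remaining tokens are optional directives: mode=block or report=<uri>.
  for (const part of parts) {
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const arg = eq === -1 ? '' : part.slice(eq + 1).trim();
    if (name === 'mode' && arg.toLowerCase() === 'block') {
      result.block = true;
    } else if (name === 'report' && arg) {
      result.reportUri = arg;
      let scheme = null;
      try { scheme = new URL(arg).protocol; } catch { /* not an absolute URL */ }
      // Added hygiene check: violation reports sent over plain HTTP are readable in transit.
      if (scheme !== null && scheme !== 'https:') {
        result.warnings.push('report endpoint is not HTTPS');
      }
    } else {
      result.warnings.push(`unrecognised directive "${part}"`);
    }
  }

  if (result.enabled === false && (result.block || result.reportUri)) {
    result.warnings.push('directives have no effect when the filter is disabled');
  }
  return result;
}

// The lesson's header value: filter on, sanitise rather than block, report sent to the collector.
console.log(parseXssProtection('1; report=http://xssviolations.example.com/collector'));
console.log(parseXssProtection('1; mode=block'));
```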
Trying it out
Reflected XSS is the most ...