13:[["$","$L142",null,{"props":{"lessonContent":{"components":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"The HTTP header **X-XSS-Protection** is used by IE8 and IE9 and allows the Cross-Site-Scripting (XSS) filter capability that is built into the browser to be toggled on or off.\n\nTurning XSS filtering on for any IE8 and IE9 browsers rendering your web application requires the following HTTP header to be sent:\n\n```\nX-XSS-Protection: 1; mode=block\n```\n\nWith Helmet, this protection can be turned on using the following snippet:\n\n```js\nconst helmet = require(\"helmet\");\n\napp.use(helmet.xssFilter());\n```","mdHtml":"

The HTTP header X-XSS-Protection is used by IE8 and IE9 and allows the Cross-Site-Scripting (XSS) ...

","comp_id":"_cnKkZu7q8ppBSPhVFT2E"},"iteration":4,"hash":1,"saveVersion":2}],"summary":{"tags":["XSS","Internet Explorer","IE8"],"description":"Explore the purpose and functionality of the X XSS Protection HTTP header, how it activates built-in browser XSS filters in IE8 and IE9, and how to implement it using Helmet in Node.js applications to enhance web security."},"content":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"The HTTP header **X-XSS-Protection** is used by IE8 and IE9 and allows the Cross-Site-Scripting (XSS) filter capability that is built into the browser to be toggled on or off.\n\nTurning XSS filtering on for any IE8 and IE9 browsers rendering your web application requires the following HTTP header to be sent:\n\n```\nX-XSS-Protection: 1; mode=block\n```\n\nWith Helmet, this protection can be turned on using the following snippet:\n\n```js\nconst helmet = require(\"helmet\");\n\napp.use(helmet.xssFilter());\n```","mdHtml":"

The HTTP header X-XSS-Protection is used by IE8 and IE9 and allows the Cross-Site-Scripting ...

","comp_id":"_cnKkZu7q8ppBSPhVFT2E"},"iteration":4,"hash":1,"saveVersion":2}],"darkModeContent":[{"type":"MarkdownEditor","content":{"version":"2.0","text":"The HTTP header **X-XSS-Protection** is used by IE8 and IE9 and allows the Cross-Site-Scripting (XSS) filter capability that is built into the browser to be toggled on or off.\n\nTurning XSS filtering on for any IE8 and IE9 browsers rendering your web application requires the following HTTP header to be sent:\n\n```\nX-XSS-Protection: 1; mode=block\n```\n\nWith Helmet, this protection can be turned on using the following snippet:\n\n```js\nconst helmet = require(\"helmet\");\n\napp.use(helmet.xssFilter());\n```","mdHtml":"

The HTTP header X-XSS-Protection is used by IE8 and IE9 and allows the Cross-Site-Scripting (XSS) ...

","comp_id":"_cnKkZu7q8ppBSPhVFT2E"},"iteration":4,"hash":1,"saveVersion":2}]},"isPreviewLesson":false,"pageType":"collection_lesson","aiCoachVideoUrl":"https://youtu.be/kgl8y9J3O6c","collectionDetailsSSR":{"title":"Web Application Security: Understanding HTTP Security Headers","summary":"This course teaches you hands-on practical use of HTTP security headers as browser security controls to help secure web applications.\n\nFor each HTTP security header that can enhance your web application security, you'll learn what is the overall risk of not implementing it, and what does a proposed solution help with. Finally, you'll learn how to implement and configure the security header with Helmet, a popular and well maintained Node.js package on npm.","details":"","clos":["Establishing secure web applications using HTTP security headers","Understanding Content Security Policy","Configuring Node.js web applications securely","Learning how to test and monitor for security headers and vulnerable JavaScript libraries","Roadmap for next steps in web controls and security headers spec"],"arabic_available":false,"page_tags":{"6590089602793472":"lighthouse,testing,security","5904274870501376":"","4983703055892480":"helmet,node.js,npm package","5759911750270976":"monitoring,webapp,security","5342363586134016":"webpagetest,security testing,performance testing","5283608609685504":"http,hsts,ssl","5226340774051840":"XSS,Internet Explorer,IE8","5242468342693888":"referrer,referer","6165492524908544":"http headers,migration,security controls","4593038314700800":"security testing,build","6200548022812672":"content-security-policy,CSP,browser security control","4898570479075328":"x-frame-options,iframe","4875675728084992":"","5380882287296512":"security headers,browser","5066286703837184":"heroku,git,Node.js","6105410764275712":"privacy,web spec","6009839152005120":"https,ssl,certificate","4819951587164160":""},"collection_toc_is_enabled":true,"page_count":null,"docker":{"envs":[],"container":{"buildLogUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/build/log","imageName":"author-6369210000211968-collection-6214384662609920-rev-18-container-6489644251742208-hsts_brew_final","file":{"name":"HSTS_brew_final.tar.gz","size":3786},"buildStatusUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/build/status","metadata":{"sizeInBytes":3786},"id":-1,"tarballDownloadUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/download","rebuildImageUrl":"https://www.educative.io/api/author/6369210000211968/collection/6214384662609920/containers/6489644251742208/rebuild","buildStatus":"SUCCESS","track":false},"version":3,"jobs":[{"key":"a_MUGE4NbOlaY1R80eVnq","name":"Chrome","inputFileName":"foo","runScript":"export DISPLAY=:1.0;\nuseradd -m chromeuser;\ngoogle-chrome --no-sandbox","jobType":"GUI","forceRelaunchOnRun":false,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"pNaYJBC234v_1Ik9zvHvR","name":"run_mal","inputFileName":"foo","runScript":"cp -r /usercode /Educative/nodejssecurity-headers-xframe-malicious","ports":"3000","startScript":"cp -r /usercode /Educative/nodejssecurity-headers-xframe-malicious\ncd /Educative/nodejssecurity-headers-xframe-innocent\nnohup npm start > /dev/null 2>&1 &\ncd /Educative/nodejssecurity-headers-xframe-malicious\nnpm start","jobType":"Live","https":false,"forceRelaunchOnRun":false,"runInLiveContainer":true},{"key":"B4OpzciNNzoW6GWc3kyco","name":"Chrome_hsts","inputFileName":"foo","runScript":"cd /Educative/nodejssecurity-headers-hsts/ \nnohup npm start > /dev/null 2>&1 &\nexport DISPLAY=:1.0;\ngoogle-chrome --no-sandbox","jobType":"GUI","forceRelaunchOnRun":false,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"dU2L1rfdPvznHh13PnpKj","name":"Chrome_hsts-mkcert","inputFileName":"foo","runScript":"nohup google-chrome --no-sandbox --disable-gpu --disable-software-rasterizer > /dev/null 2>&1 &\nsleep 3\npkill chrome\neval \"$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)\"\nmkcert -install\nclear\ntmux \\new-session \"cd /Educative/nodejssecurity-headers-hsts && npm start ; read\" \\; split-window \"export DISPLAY=:1.0 && google-chrome http://localhost:80 https://localhost:443 --no-sandbox --disable-gpu --disable-software-rasterizer; read\" \\; select-layout even-horizontal","jobType":"GUI","forceRelaunchOnRun":true,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"2w6T32N3QuP0T1PMoNOfc","name":"debug","inputFileName":"foo","runScript":"echo \"hi\"","ports":"3000","startScript":"echo \"hi\"","jobType":"Live","forceRelaunchOnRun":true,"runInLiveContainer":true},{"key":"Zg9nqvQXGGJuTurEHh_rc","name":"Chrome_hsts-mal","inputFileName":"foo","runScript":"cp -r /usercode/* /Educative/nodejssecurity-headers-xframe-malicious\ncd /Educative/nodejssecurity-headers-xframe-innocent\nnohup npm start > /dev/null 2>&1 &\ntmux \\new-session \"cd /Educative/nodejssecurity-headers-xframe-malicious && npm start ; read\" \\; split-window \"export DISPLAY=:1.0 && google-chrome http://localhost:3000 --no-sandbox --disable-gpu --disable-software-rasterize; read\" \\; select-layout even-horizontal","jobType":"GUI","forceRelaunchOnRun":true,"forceRelaunchOnCompChange":true,"runInLiveContainer":false},{"key":"voswksFkoJ7OwojQq8wP_","name":"Chrome_hsts-inn","inputFileName":"foo","runScript":"cp -r /usercode/* /Educative/nodejssecurity-headers-xframe-innocent\ncd /Educative/nodejssecurity-headers-xframe-innocent\nnohup npm start > /dev/null 2>&1 &\ntmux \\new-session \"cd /Educative/nodejssecurity-headers-xframe-malicious && npm start ; read\" \\; split-window \"export DISPLAY=:1.0 && google-chrome http://localhost:3000 http://localhost:3001 --no-sandbox --disable-gpu --disable-software-rasterize; read\" \\; select-layout even-horizontal","jobType":"GUI","forceRelaunchOnRun":true,"forceRelaunchOnCompChange":true,"runInLiveContainer":false}],"loaded":true},"discounted_price":null,"cover_image_id":6163948040093696,"cover_image_metadata":"{\"width\":1024,\"height\":512,\"sizeInBytes\":49566,\"name\":\"Understanding HTTP Security Headers_ .png\"}","cover_image_serving_url":"/v2api/collection/6369210000211968/6214384662609920/image/6163948040093696","tags":["web security","http security headers","Security headers","X XSS protection","Chrome's lighthouse"],"intro_video_url":"","intro_video_thumbnail_url":null,"aggregated_widget_stats":{"MarkdownEditor":68,"codeExerciseCount":0,"codeRunnableCount":1,"codeSnippetCount":31,"illustrations":19,"MxGraphWidget":1,"Code":1,"VNC":4,"Quiz":5,"Image":18,"SpoilerEditor":3,"StructuredQuiz":3,"TerminalWidget":1,"projects":0,"assessments":0},"default_themes":{"code_themes":{"SPA":"default","Code":"default","isForced":{"SPA":false,"Code":false,"Markdown":false,"RunJS":false},"Markdown":"default","RunJS":"default"}},"api_keys":{"api_keys":[]},"skills":[],"testimonials":[],"licensing":null,"target_audience":"beginner","author_id":"6369210000211968","collection_id":"6214384662609920","approval_status":3005,"price":29,"is_private":false,"path_type":"regular","organization_id":null,"is_mini":false,"is_priced":true,"brief_summary":" Gain insights into HTTP security headers, learn their risks, explore solutions, and discover how to implement them using Helmet for enhanced web application security.","approval_update_time":"2021-10-04T17:42:20.560Z","rating_visibility":true,"update_last_published_on_homepage":true,"show_developed_by":true,"udata_files":[],"CodeThemes":{"Code":"default","Markdown":"default","RunJS":"default","SPA":"default","isForced":{"Code":false,"Markdown":false,"RunJS":false,"SPA":false}},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"collection_type":"collection","adaptive_learning_mode":false,"HLOs_to_toc":{},"is_guide":false,"read_time":4200,"allow_logged_out_executions":false,"unique_live_widget_urls":false,"metadata_status":101,"palified_version":null},"pageSummarySSR":{"title":"X XSS Protection","description":"Explore the purpose and functionality of the X XSS Protection HTTP header, how it activates built-in browser XSS filters in IE8 and IE9, and how to implement it using Helmet in Node.js applications to enhance web security.","discourse_page_url":"https://discuss.educative.io/tag/x-xss-protection__http-security-headers__web-application-security-understanding-http-security-headers?open=true&ctag=web-application-security-understanding-http-security-headers__liran-tal&cslug=web-application-security-http-headers&pslug=x-xss-protection"},"adaptiveLearningConfigConstantSSR":0,"enableLessonPageLockedBannerV2":true,"allowAllLessonPreview":false,"lockedBannerStatsSSR":{"b2cTrialStats":{"is_b2c_trial_active":true,"b2c_trial_active_duration":21,"b2c_trial_categories":"$143"},"b2cStatus":100,"learnerTags":"$144","workStats":1630,"interviewWorksStats":100,"inL2cStarterPack":false,"l2cWorkStats":46,"enableL2cStarterPackPaymentWidget":"false"},"pageTocSSR":"","authorId":"6369210000211968","collectionId":"6214384662609920","pageId":"5226340774051840","isCollectionPageLockedCachingEnabled":true,"aceFeatureFlags":{"enableAceEditor":true,"enableAceEditorForAnswers":true},"serverConfigConstants":{"enable_notepad_prompt_ai":"$undefined"},"codeFeatureFlags":{"enableCodeCodeTabRedesign":"3"},"meta":{"type":["Article","TechArticle"],"title":"Understanding X XSS Protection HTTP Security Header","name":"Web Application Security: Understanding HTTP Security Headers","description":"Learn how the X XSS Protection header enables browser XSS filtering in IE8 and IE9 to protect web applications from cross-site scripting attacks.","image":"https://educative.io/api/collection/6369210000211968/6214384662609920/image/6163948040093696.png","isAccessibleForFree":false,"keywords":"$144","provider":"Educative","publisher":"Educative","id":"courses/web-application-security-http-headers/x-xss-protection","author":"Liran Tal","educationalLevel":"beginner","noIndex":true,"isForcedNoIndex":true,"noFollow":false,"redirectInfo":{"isDeletedCollectionPageRedirectable":false},"page_titles":{"6590089602793472":"Chrome's Lighthouse","5904274870501376":"X Content Type Options","4983703055892480":"Helmet - a Node.js Package for HTTP Security Headers","5759911750270976":"Monitor your web application","5342363586134016":"WebPageTest","4875675728084992":"Check My Headers command-line application","5226340774051840":"X XSS Protection","5242468342693888":"Referer and Referrer Policy","6165492524908544":"Establish a CSP and Security Headers standard","4593038314700800":"Summary","6200548022812672":"Content Security Policy","4898570479075328":"X Frame Options","5283608609685504":"HTTP Strict Transport Security","5380882287296512":"Headers as Browser Security Controls","5066286703837184":"Requirements","6105410764275712":"Other browser security headers and controls","6009839152005120":"The State of HTTP Security","4819951587164160":"Educational resources"},"is_marked_for_deletion":false,"transition_page_title":"","is_redirectable":false,"deleted_course_lesson_redirect":{"author_id":null,"collection_id":null,"page_id":null,"redirect_url_slug":null},"metadata_status":101,"additional_course_alternatives":[]},"requestUrl":"/courses/web-application-security-http-headers/x-xss-protection","requestUrlInfo":{"authorId":6369210000211968,"collectionId":6214384662609920,"pageId":5226340774051840,"courseUrlSlug":"web-application-security-http-headers","pageUrlSlug":"x-xss-protection"},"isExternalContent":false}}],[["$","script",null,{"id":"generate-data","type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$145"}}],false,"$undefined"]]