Vulnerability Fixation
X-XSS-Protection Header Missing

Vulnerability:
What is X-XSS-Protection header?
This header configures the built-in reflective XSS protection found in browsers (e.g. Internet Explorer, Chrome and Mozilla): the browser stops a page from loading when it detects a reflected cross-site scripting (XSS) attack. The basic syntax for this header is:

X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=<reporting-uri>

When a parameter value enters a web application through an untrusted source, most frequently a web request, it can lead to a cross-site scripting attack that either steals data or modifies data.

Solution:
Configure this header for the web application, ensuring correct values are set.

X-XSS-Protection: 1; mode=block

PHP

header("X-XSS-Protection: 1; mode=block");

Apache

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>

Nginx

add_header "X-XSS-Protection" "1; mode=block";
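
To confirm the configuration took effect, the response headers can be checked against the values listed above. The following Python script is an added example, not part of the original page; the function names, status labels and sample responses are constructed for illustration, and reporting a header that is sent more than once (for instance set in both PHP and Nginx) as a misconfiguration is an assumption of this example.

```python
# Added example: audit response headers for the X-XSS-Protection values
# listed on this page. All sample responses below are constructed.
RECOMMENDED = "1; mode=block"

def classify(value):
    """Map one X-XSS-Protection value to (status, detail)."""
    parts = [p.strip() for p in value.split(";")]
    flag, directives = parts[0], parts[1:]
    if flag == "0":
        return ("disabled", "filter explicitly turned off")
    if flag != "1":
        return ("invalid", f"unexpected flag {flag!r}")
    block = False
    for d in directives:
        name, _, arg = (s.strip() for s in d.partition("="))
        if name.lower() == "mode" and arg.lower() == "block":
            block = True
        elif name.lower() == "report" and arg:
            continue  # reporting alone does not block the page
        else:
            return ("invalid", f"unknown directive {d!r}")
    if block:
        return ("ok", RECOMMENDED)
    return ("weak", "filter on, but mode=block not set")

def audit(headers):
    """headers: list of (name, value) pairs as received, duplicates kept."""
    values = [v for n, v in headers if n.lower() == "x-xss-protection"]
    if not values:
        return ("missing", "header not sent")
    if len(values) > 1:
        # Assumption of this example: a header emitted by more than one
        # layer (application and web server) is reported for cleanup.
        return ("duplicate", f"sent {len(values)} times")
    return classify(values[0])

# Constructed sample responses (header name/value pairs only).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "recommended": [("X-XSS-Protection", "1; mode=block")],
    "lowercase, no space": [("x-xss-protection", "1;mode=block")],
    "enabled only": [("X-XSS-Protection", "1")],
    "disabled": [("X-XSS-Protection", "0")],
    "set by PHP and Nginx": [("X-XSS-Protection", "1; mode=block")] * 2,
    "typo": [("X-XSS-Protection", "1; mode=blok")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:22} {audit(hdrs)[0]:9} {audit(hdrs)[1]}")
```

Only the "ok" status matches the value recommended in the Solution; every other status points to a response that needs the configuration above applied or corrected.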
