/vulndb/XSS Protection Error

A basic XSS protection mechanism is present in every modern browser. This mechanism is active by default but may be disabled by setting the response header “X-XSS-Protection” to the value “0”.

Without the browser’s built-in XSS Protection, an attacker is able to perform XSS attacks with simpler payloads.

Solution

Ensure that the X-XSS-Protection header is correctly set to prevent some types of XSS attacks.
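An added check, not part of this vulndb entry, that audits the header the solution refers to. It parses the X-XSS-Protection value and classifies each HTML response as missing, disabled (the "0" case described above), weak or ok; the sample responses in SAMPLE_RESPONSES and the verdict names are constructed assumptions.

```python
from typing import Dict, List, Tuple

# Constructed sample responses (header names are case-insensitive in HTTP).
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "https://example.test/ok":       {"Content-Type": "text/html", "X-XSS-Protection": "1; mode=block"},
    "https://example.test/disabled": {"Content-Type": "text/html", "x-xss-protection": "0"},
    "https://example.test/missing":  {"Content-Type": "text/html"},
    "https://example.test/api":      {"Content-Type": "application/json", "X-XSS-Protection": "0"},
}


def parse_xss_protection(value: str) -> Tuple[str, Dict[str, str]]:
    """Split an X-XSS-Protection value into its flag ('0' or '1') and directives, e.g. {'mode': 'block'}."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    flag = parts[0] if parts else ""
    directives: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        directives[key.strip().lower()] = val.strip()
    return flag, directives


def audit_xss_protection(headers: Dict[str, str]) -> str:
    """Classify one response's X-XSS-Protection header: 'ok', 'weak', 'disabled' or 'missing'."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("x-xss-protection")
    if value is None:
        return "missing"
    flag, directives = parse_xss_protection(value)
    if flag == "0":
        return "disabled"   # the filter is switched off: the finding this entry describes
    if flag == "1" and directives.get("mode", "").lower() == "block":
        return "ok"         # filter on and page rendering blocked when an attack is detected
    return "weak"           # '1' without mode=block: the filter only sanitizes the page


def audit_site(responses: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (url, verdict) for every HTML response; the filter does not apply to non-HTML bodies."""
    findings = []
    for url, headers in responses.items():
        lowered = {k.lower(): v for k, v in headers.items()}
        if not lowered.get("content-type", "").startswith("text/html"):
            continue
        findings.append((url, audit_xss_protection(headers)))
    return findings


if __name__ == "__main__":
    for url, verdict in audit_site(SAMPLE_RESPONSES):
        print(f"{verdict:9} {url}")
```

The check only confirms how the header is set; it does not replace output encoding or a Content Security Policy, since the header mitigates only some types of XSS.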

References

https://wiki.mozilla.org/Security/Features/XSS_Filter
http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx
http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Common_non-standard_response_headers