Test if XSS protection is enabled in HTTP header.

Verify if cross-site scripting vulnerability protection is enabled in your site’s HTTP response headers.


What is X-XSS-Protection?

X-XSS-Protection is a security header that protects against cross-site scripting vulnerabilities. The XSS header is compatible with modern browsers and is often recommended by online security scanners and penetration tests.

How to implement the XSS header?

If you are using Apache, Nginx, or IIS, you may refer to this guide. Alternatively, if you use a cloud-based security provider service such as SUCURI, you can get it enabled through custom rules.

Once you are done with the header implementation, use this XSS header test tool to verify.
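The same check can be scripted. The following is an added example, not the code behind the test tool: it reads a raw HTTP response head and classifies the X-XSS-Protection value against the header's documented forms (`0`, `1`, `1; mode=block`, `1; report=<uri>`). The function names and the sample response are constructed for illustration.

```python
def find_header(raw_response, name="x-xss-protection"):
    """Return every value of `name` in a raw HTTP response head (case-insensitive)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name:
            values.append(value.strip())
    return values


def classify(values):
    """Map the header value(s) to a verdict string."""
    if not values:
        return "missing"
    if len(values) > 1:
        return "duplicate"                       # sent twice: browser behaviour is ambiguous
    parts = [p.strip().lower() for p in values[0].split(";")]
    flag, directives = parts[0], parts[1:]
    if flag == "0":
        return "disabled"
    if flag != "1":
        return "invalid"                         # e.g. "1, 1; mode=block" from merged headers
    for d in directives:
        if d != "mode=block" and not d.startswith("report="):
            return "invalid"
    return "enabled-block" if "mode=block" in directives else "enabled"


def check(raw_response):
    """Classify the X-XSS-Protection header of one raw response."""
    return classify(find_header(raw_response))


# Constructed sample response, not captured from a real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "x-xss-protection: 1; mode=block\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    print(check(SAMPLE))
```

A verdict of `missing`, `duplicate`, or `invalid` means the server configuration should be reviewed before re-testing.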