XSS risk reduction with X-XSS-Protection: 1; mode=block header

Disclosed: 2019-08-09 08:30:27 By dawidczagan To radancy
Unknown
Vulnerability Details
As you can read, for example, on this Microsoft blog (http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx):

"... X-XSS-Protection: 1; mode=block When this token is present, if a potential XSS Reflection attack is detected, Internet Explorer will prevent rendering of the page. ..."

Thus it is recommended to add the X-XSS-Protection: 1; mode=block header to reduce XSS risk.
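A check for the header this report recommends, as an added example that is not part of the original report: it parses an X-XSS-Protection value and classifies a response's setting. The function names, verdict labels and sample responses are assumptions constructed for illustration.

```python
# Added example: audit response headers for the X-XSS-Protection setting
# recommended in the report. All names and samples here are constructed.

def parse_xss_protection(value):
    """Parse a header value into (filter_enabled, directives)."""
    parts = [p.strip() for p in value.split(";")]
    flag = parts[0]
    if flag not in ("0", "1"):
        raise ValueError(f"invalid filter flag: {flag!r}")
    directives = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip()
    return flag == "1", directives


def audit_headers(headers):
    """Classify a list of (name, value) response headers.

    Returns 'missing', 'ambiguous', 'invalid', 'disabled',
    'filter-only' or 'block' ('block' is what the report asks for).
    """
    # HTTP header names are case-insensitive.
    values = [v for k, v in headers if k.lower() == "x-xss-protection"]
    if not values:
        return "missing"
    if len(values) > 1:
        return "ambiguous"  # this example flags duplicate headers for review
    try:
        enabled, directives = parse_xss_protection(values[0])
    except ValueError:
        return "invalid"
    if not enabled:
        return "disabled"
    if directives.get("mode", "").lower() == "block":
        return "block"
    return "filter-only"


if __name__ == "__main__":
    # Constructed sample responses, not taken from any real site.
    samples = [
        [("Content-Type", "text/html")],
        [("X-XSS-Protection", "1")],
        [("x-xss-protection", "1; mode=block")],
    ]
    for headers in samples:
        print(audit_headers(headers), headers)
```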
Report Stats
  • Report ID: 94909
  • State: Closed
  • Substate: resolved
  • Upvotes: 31