Provides protection against reflected cross-site scripting attacks.
Setting this header will protect a user if the web browser detects that a reflected cross-site scripting (XSS) attack is underway. There are 4 possible values for this header.
0: Disables XSS filtering.
1: If a XSS attack is detected, the page will be sanitized by the browser (recommended setting).
1;mode=block: If a XSS attack is detected, the page will not be displayed.
1;report=<URI>: If a XSS attack is detected, the page will be sanitized and reported to you via the URI mechanism.
For more information about reflected cross-site-scripting attacks and how ValidBot test your website, please read about our X-XSS-Protection Validation Test and we also have a detailed article about additional security headers if you want to fully protect your users.
For more information about this header, please read the documentation on MDN Web Docs.