As vulnerability scanning software, we have to constantly develop to keep up with the latest threats and updates. Recently we removed support for the X-XSS-Protection header.

[Image: X-XSS-Protection Retired, What To Do Instead?]

What does the X-XSS-Protection header do?

The X-XSS-Protection header enables an XSS detection feature in the browser, which prevents some categories of XSS attacks.

Why is it being removed?

Some browsers phased out support for X-XSS-Protection in 2019 (Chrome and Edge), and this trend continued in 2020. Therefore it has become redundant except for legacy browsers.

What browsers still support it?

[Image: X-XSS-Protection Retired. Source: Firefox]

You can stay up to date with the latest data here: https://github.com/mdn/browser-compat-data.

What to do instead?

Enabling a strong Content-Security-Policy header will offer you protection against XSS. You can read more about enabling security headers here.
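As an added illustration (not our scanner's own code), the check below flags a leftover X-XSS-Protection header and looks for common weaknesses in the script policy of a Content-Security-Policy header. The function names, the finding strings and the choice of what counts as "weak" are assumptions made for this example, and the sample headers are constructed.

```python
# Added example: header audit for XSS defences (criteria are assumptions, see lead-in).
BROAD_SOURCES = {"*", "data:", "http:", "https:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers keep the first occurrence of a duplicated directive.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_headers(headers):
    """Return findings for a dict of HTTP response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "x-xss-protection" in h:
        findings.append("x-xss-protection set: retired, only legacy browsers honour it")
    if "content-security-policy" not in h:
        return findings + ["csp missing"]
    policy = parse_csp(h["content-security-policy"])
    # Script loading is governed by script-src, falling back to default-src.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return findings + ["csp does not restrict scripts"]
    # 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
    if "'unsafe-inline'" in sources and not any(s.startswith(HASH_OR_NONCE) for s in sources):
        findings.append("csp allows inline scripts ('unsafe-inline')")
    if "'unsafe-eval'" in sources:
        findings.append("csp allows eval ('unsafe-eval')")
    # With 'strict-dynamic', host and scheme sources are ignored.
    if "'strict-dynamic'" not in sources:
        findings += [f"csp broad script source {s}" for s in sources if s in BROAD_SOURCES]
    return findings

# Constructed sample responses (not taken from a real site).
WEAK = {"X-XSS-Protection": "1; mode=block",
        "Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline' https:"}
STRONG = {"Content-Security-Policy":
          "default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'"}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_headers(hdrs) or "no findings")
```

In a real policy the nonce must be freshly generated for every response; the fixed value in STRONG is only there to exercise the parser.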
