The X-XSS-Protection response header is one of the major features of most of the web browsers to stop cross-site scripting. It stops the pages from loading when they detect reflected cross-site scripting attacks. It is found that the X XSS Protection header is disabled in the application. This application is at risk due to its vulnerability to Cross-site Scripting attacks.The X-XSS-Protection header is designed to enable the cross-site scripting filter built into modern web browsers.
The major impact for this violation is cross-scripting attacks.
Mitigation / Precaution
The only mitigation is to enable the X-XSS-Protection and set the value to 1.
Check your website security today and
identify vulnerabilities before hackers exploit them.