X-XSS-Protection response header


Cross-site scripting filter


X-XSS-Protection header statistics


Header used by13.13%
Unique header value count23399
Most used header value1; mode=block
Highest ranking websitetwitter.com


Common X-XSS-Protection response header values


Header name Header value Occurence
X-XSS-Protection1; mode=block86.5%
X-XSS-Protection04.5%
X-XSS-Protection14.3%
X-XSS-Protection1;mode=block1.2%
X-XSS-Protection1;0.5%
X-XSS-Protection1,mode=block0.2%
X-XSS-Protection1; mode=block;0.1%
X-XSS-Protection1; mode=block; report=https://csp.search.yahoo.com/xssreport0.1%
X-XSS-Protection1; mode=block; report=https://cspreport.mail.ru/xxssprotection0.1%
X-XSS-Protection1; report="https://csp.yahoo.com/beacon/csp?src=fp-hpkp-www"0.1%
X-XSS-Protection1; mode=block; report=https://okta.report-uri.com/r/d/xss/enforce0.1%
X-XSS-Protection1; report="https://csp.yahoo.com/beacon/csp?src=fp-hpkp-de"0.0%
X-XSS-Protection1; report="https://csp.yahoo.com/beacon/csp?src=fp-hpkp-brvida"0.0%
X-XSS-Protection1; report="https://csp.yahoo.com/beacon/csp?src=fp-hpkp-esuvida"0.0%
X-XSS-Protection1; mode=block; report=https://hipages.report-uri.com/r/d/xss/enforce0.0%
X-XSS-Protection1; report="https://csp.yahoo.com/beacon/csp?src=fp-hpkp-sg-news"0.0%
X-XSS-Protection1; mode=block; report=https://www.netflix.com/ichnaea/log/freeform/xssreport0.0%
X-XSS-Protection1; mode=block; report=https://eset.report-uri.com/r/d/xss/enforce0.0%
X-XSS-Protection1; report="https://csp.yahoo.com/beacon/csp?src=fp-hpkp-frnews"0.0%
X-XSS-Protection1; report="https://csp.yahoo.com/beacon/csp?src=fp-hpkp-sgst"0.0%


Top websites that use X-XSS-Protection header


twitter.comwww.facebook.comwww.google.comgoogle.com
www.theguardian.comwww.linkedin.comwww.nytimes.comnews.yahoo.com
news.google.comwww.reddit.comwww.barrons.comwww.youtube.com
www.usatoday.comwww.huffingtonpost.comdevelopers.facebook.comwww.cnn.com
www.wsj.comwww.nypost.comwww.instagram.coml.facebook.com
instagram.comaccounts.google.comitunes.apple.comwww.twitter.com
de-de.facebook.comzh-cn.facebook.comm.twitter.comja-jp.facebook.com
play.google.comsupport.google.comblog.twitter.comads.twitter.com
dev.twitter.combusiness.twitter.commessenger.comabout.twitter.com
marketing.twitter.compolicies.oath.comwww.britbox.comwww.verizonmedia.com
facebook.comsupport.twitter.comwww.yahoo.comdeveloper.linkedin.com
browser.yandex.rufonts.googleapis.comguce.huffpost.comaccount.bbc.com
mail.yahoo.comappleid.apple.compolicies.google.comapple.news
passport.yandex.ruwww.pinterest.comhelp.yahoo.comabout.linkedin.com
yahoo.uservoice.comwww.googletagmanager.comgithub.comgfycat.com
tv.youtube.compress.linkedin.comtwittercommunity.comblog.linkedin.com
www.twitterflightschool.comhelp.twitter.cominvestor.twitterinc.comproductexperts.withgoogle.com
careers.twitter.comsupport.apple.comwww.dowjones.combusiness.linkedin.com
learning.linkedin.comadvertising.theguardian.comhelpcenter.washingtonpost.combrand.linkedin.com
payments.google.comdiscountcode.theguardian.commobile.linkedin.comhelp.washingtonpost.com
www.huffpost.comcoupons.huffpost.comprofile.theguardian.comwww.cbeebies.com
help.nytimes.commanage.theguardian.comworkforus.theguardian.comtv.apple.com
www.mansionglobal.comguce.yahoo.comcustomercenter.wsj.complus.google.com
metrika.yandex.rusupport.theguardian.comtv.yandex.runypost.com
investor.apple.comzen.yandex.ruwww.mozilla.orgwww.snapchat.com


Usage by top level domain (TLD)


Header nameTop level domainFrequency of usage
X-XSS-Protectioncom33.3%
X-XSS-Protectionorg2.4%
X-XSS-Protectionnet1.1%
X-XSS-Protectioncn0.9%
X-XSS-Protectiongov0.9%
X-XSS-Protectionco.jp0.8%
X-XSS-Protectionde0.7%
X-XSS-Protectionio0.5%
X-XSS-Protectionjp0.5%
X-XSS-Protectionru0.4%