X-XSS-Protection

HTTP response header

X-XSS-Protection enables browser cross-site scripting filter

Header usage statistics

X-XSS-Protection response header information and usage statistics.

Websites using header X-XSS-Protection 1,356,127
Percentage of websites that use X-XSS-Protection header 11.64%
Total discovered header values 1,801
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

X-XSS-Protection Directives (4 total)

  • 0
  • 1
  • mode
  • report

X-XSS-Protection Directives

X-XSS-Protection directives value information and usage statistics

Directive Share Websites count Unique Values
1 73.59% 997,986 2
mode 68.65% 930,950 29
0 5.45% 73,880 2
report 0.53% 7,164 505

Distribution by websites popularity

X-XSS-Protection detection in the top websites by popularity

Top 10k sites 3,311 websites
Top 100k sites 29,368 websites
Top 1m sites 143,830 websites

Websites utilizing X-XSS-Protection

List of websites that use X-XSS-Protection header

Domain Country Rank Contacts
fonts.googleapis.com United States of America 1
www.facebook.com United States of America 2
twitter.com United States of America 3
youtube.com United States of America 4
www.youtube.com United States of America 4
google.com United States of America 5
See full domain list

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common X-XSS-Protection header values

Header value Value prevalence
1; mode=block 82.58%
1 7.44%
0 6.41%
1;mode=block 1.39%
"1; mode=block" 1.22%
0;report=https://cdn.website-start.de/app/reporting/policyviolation/submit 0.28%
1; mode=block; 0.16%
0;report=https://cdn.initial-website.com/app/reporting/policyviolation/submit 0.08%
1; mode=block; report=/beacon/csp.php 0.04%
1; 0.02%
: 1; mode=block 0.02%
1; report=https://www.yelp.com/xss_protection_report 0.02%
1; mode=block; report=https://csp.search.yahoo.com/xssreport 0.01%
0; mode=block 0.01%
1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce 0.01%
1; mode=block; report=/xssProtection.txt 0.01%
: 1;mode=block 0.01%
1; mode=block; report=/csr.php 0.01%
1; mode = block 0.01%
1; mode=block; report=https://www.hse.ru/n/api/xss/report 0.01%