X-XSS-Protection

HTTP response header

X-XSS-Protection enables browser cross-site scripting filter

Header usage statistics

X-XSS-Protection response header information and usage statistics.

Websites using header X-XSS-Protection 7,875,157
Percentage of websites that use X-XSS-Protection header 7.90%
Total discovered header values 3,545
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

X-XSS-Protection Directives (4 total)

  • 0
  • 1
  • mode
  • report

X-XSS-Protection Directives

X-XSS-Protection directives value information and usage statistics

Directive Share Websites count Unique Values
1 93.00% 7,324,083 2
mode 89.03% 7,011,044 21
0 9.06% 713,492 2
report 2.22% 174,942 302

Distribution by websites popularity

X-XSS-Protection detection in the top websites by popularity

Top 10k sites 3,407 websites
Top 100k sites 29,035 websites
Top 1m sites 205,433 websites

Websites utilizing X-XSS-Protection

List of websites that use X-XSS-Protection header

Domain Country Rank Contacts
fonts.googleapis.com United States of America 1
www.facebook.com United States of America 2
google.com United States of America 3
www.google.com United States of America 3
youtube.com United States of America 6
www.youtube.com United States of America 6
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common X-XSS-Protection header values

Header value Value prevalence
1; mode=block 85.73%
0 6.99%
1 4.57%
1;mode=block 2.02%
0;report=https://cdn.website-start.de/app/reporting/policyviolation/submit 1.69%
"1; mode=block" 0.54%
0;report=https://cdn.initial-website.com/app/reporting/policyviolation/submit 0.26%
1; mode=block; 0.25%
1; mode=block 0.06%
0;report=https://cdn.eu.mywebsite-editor.com/app/reporting/policyviolation/submit 0.04%
1; report=https://www.yelp.com/xss_protection_report 0.03%
0; 0.03%
1; mode=block; report=/csr.php 0.02%
: 1; mode=block 0.02%
1 ; mode=block 0.02%
1; 0.02%
0; mode=block 0.02%
: 1;mode=block 0.02%
"1; mode=block" always 0.02%
1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce 0.02%