X-XSS-Protection

HTTP response header

X-XSS-Protection enables the browser's cross-site scripting filter.

Header usage statistics

X-XSS-Protection response header information and usage statistics.

Websites using header X-XSS-Protection: 1,279,637
Percentage of websites that use X-XSS-Protection header: 11.20%
Total discovered header values: 5,794
Header uses directives: Yes
Header values are unique or random: No
Most popular in the country: United States of America

X-XSS-Protection Directives (4 total)

  • 0
  • 1
  • mode
  • report

X-XSS-Protection Directives

X-XSS-Protection directives value information and usage statistics

Directive | Share | Websites count | Unique values
1 | 62.57% | 800,665 | 1
mode | 56.71% | 725,743 | 24
0 | 5.25% | 67,125 | 1
report | 0.62% | 7,982 | 422

Distribution by websites popularity

X-XSS-Protection detection in the top websites by popularity

Top 10k sites: 3,148 websites
Top 100k sites: 28,401 websites
Top 1m sites: 134,780 websites

Websites utilizing X-XSS-Protection

List of websites that use X-XSS-Protection header

Domain | Country | Rank
fonts.googleapis.com | United States of America | 1
twitter.com | United States of America | 3
youtube.com | United States of America | 4
google.com | United States of America | 5
www.youtube.com | United States of America | 14,442
www.facebook.com | United States of America | 22,750

Geographical Distribution

Header usage distribution by websites across the globe.

Common header values

List of top common X-XSS-Protection header values

Header value | Value prevalence
1; mode=block | 83.31%
1 | 7.39%
0 | 6.58%
1;mode=block | 1.42%
0;report=https://cdn.website-start.de/app/reporting/policyviolation/submit | 0.29%
1; mode=block; | 0.15%
0;report=https://cdn.initial-website.com/app/reporting/policyviolation/submit | 0.08%
1; mode=block; report=/beacon/csp.php | 0.05%
1; | 0.02%
: 1; mode=block | 0.02%
1; report=https://www.yelp.com/xss_protection_report | 0.02%
1; mode=block; report=https://csp.search.yahoo.com/xssreport | 0.01%
0; mode=block | 0.01%
1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce | 0.01%
1; mode=block; report=/csr.php | 0.01%
1; mode=block; report=/xssProtection.txt | 0.01%
1; mode=block; report=https://www.hse.ru/n/api/xss/report | 0.01%
: 1;mode=block | 0.01%
1; mode=block; report=https://ordermygear.report-uri.com/r/t/xss/enforce | 0.01%
1; mode = block | 0.01%