X-XSS-Protection

HTTP response header

X-XSS-Protection enables browser cross-site scripting filter

Header usage statistics

X-XSS-Protection response header information and usage statistics.

Websites using header X-XSS-Protection 4,433,242
Percentage of websites that use X-XSS-Protection header 8.27%
Total discovered header values 1,592
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

X-XSS-Protection Directives (4 total)

  • 0
  • 1
  • mode
  • report

X-XSS-Protection Directives

X-XSS-Protection directives value information and usage statistics

Directive Share Websites count Unique Values
1 31.98% 1,417,882 2
mode 30.69% 1,360,345 19
0 2.62% 116,318 1
report 0.80% 35,304 212

Distribution by websites popularity

X-XSS-Protection detection in the top websites by popularity

Top 10k sites 3,351 websites
Top 100k sites 29,422 websites
Top 1m sites 145,412 websites

Websites utilizing X-XSS-Protection

List of websites that use X-XSS-Protection header

Domain Country Rank Contacts
fonts.googleapis.com United States of America 1
www.facebook.com United States of America 2
twitter.com United States of America 3
youtube.com United States of America 4
www.youtube.com United States of America 4
google.com United States of America 5
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common X-XSS-Protection header values

Header value Value prevalence
1; mode=block 83.76%
0 6.24%
1 5.19%
0;report=https://cdn.website-start.de/app/reporting/policyviolation/submit 1.72%
1;mode=block 1.54%
"1; mode=block" 0.66%
1; mode=block; 0.25%
0;report=https://cdn.initial-website.com/app/reporting/policyviolation/submit 0.24%
0;report=https://cdn.eu.mywebsite-editor.com/app/reporting/policyviolation/submit 0.04%
1; mode=block; report=/csr.php 0.03%
1; mode=block 0.03%
0; mode=block 0.02%
1; 0.02%
: 1;mode=block 0.01%
1\; mode=block 0.01%
1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce 0.01%
: 1; mode=block 0.01%
0; 0.01%
1; mode = block 0.01%
"1; mode=block" always 0.01%