X-XSS-Protection

HTTP response header

X-XSS-Protection enables browser cross-site scripting filter

Header usage statistics

X-XSS-Protection response header information and usage statistics.

Websites using header X-XSS-Protection 1,366,297
Percentage of websites that use X-XSS-Protection header 12.57%
Total discovered header values 762
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

X-XSS-Protection Directives (4 total)

  • 0
  • 1
  • mode
  • report

X-XSS-Protection Directives

X-XSS-Protection directives value information and usage statistics

Directive Share Websites count Unique Values
1 75.60% 1,032,966 2
mode 70.03% 956,807 32
0 5.56% 75,927 2
report 0.52% 7,081 511

Distribution by websites popularity

X-XSS-Protection detection in the top websites by popularity

Top 10k sites 3,381 websites
Top 100k sites 29,577 websites
Top 1m sites 147,052 websites

Websites utilizing X-XSS-Protection

List of websites that use X-XSS-Protection header

Domain Country Rank Contacts
fonts.googleapis.com United States of America 1
www.facebook.com Ireland 2
twitter.com United States of America 3
youtube.com United States of America 4
www.youtube.com United States of America 4
google.com United States of America 5
See full domain list
Flat price per report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common X-XSS-Protection header values

Header value Value prevalence
1; mode=block 83.17%
1 7.51%
0 6.35%
1;mode=block 1.39%
"1; mode=block" 0.70%
0;report=https://cdn.website-start.de/app/reporting/policyviolation/submit 0.26%
1; mode=block; 0.17%
0;report=https://cdn.initial-website.com/app/reporting/policyviolation/submit 0.07%
1; mode=block; report=/beacon/csp.php 0.04%
1; 0.02%
: 1; mode=block 0.02%
1; mode=block 0.02%
1; report=https://www.yelp.com/xss_protection_report 0.02%
1; mode=block; report=https://csp.search.yahoo.com/xssreport 0.01%
0; mode=block 0.01%
1; mode=block; report=/xssProtection.txt 0.01%
1; mode=block; report=https://report-uri.highwebmedia.com/r/t/xss/enforce 0.01%
1; mode = block 0.01%
1; mode=block; report=/csr.php 0.01%
: 1;mode=block 0.01%