Cross-site scripting Protection (X-XSS-Protection header)

This header is non-standard and should not be used. Instead, it is recommended to use a Content Security Policy (CSP) header.

For more information about the X-XSS-Protection header, and why it should not be used, see MDN web docs.

How to fix this health check

This health check can be fixed by ensuring no middleware adds the header.

Last updated 16 days ago

Was this helpful?