What is the http-header “X-XSS-Protection”?

by

X-XSS-Protection is a HTTP header understood by Internet Explorer 8 (and newer versions).
This header lets domains toggle on and off the “XSS Filter” of IE8, which prevents some categories of XSS attacks.
IE8 has the filter activated by default, but servers can switch if off by setting

   X-XSS-Protection: 0

See also http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx

More Related Contents:

  1. application/x-www-form-urlencoded or multipart/form-data?
  2. Are HTTP headers case-sensitive?
  3. Do I need Content-Type: application/octet-stream for file download?
  4. Maximum on HTTP header values?
  5. Custom HTTP headers : naming conventions
  6. What’s the difference between Cache-Control: max-age=0 and no-cache?
  7. Difference between Pragma and Cache-Control headers?
  8. Is there a practical HTTP Header length limit?
  9. Detecting the character encoding of an HTTP POST request
  10. HTTP Range header
  11. How can I get the clients IP address from HTTP headers?
  12. Content-Length header with HEAD requests?
  13. Why is Cache-Control attribute sent in request header (client to server)?
  14. How to forward headers on HTTP redirect
  15. Difference between Content-Range and Range headers?
  16. How does “304 Not Modified” work exactly?
  17. What is q=0.5 in Accept* HTTP headers?
  18. How big can a user agent string get?
  19. What is Cache-Control: private?
  20. Standard for adding multiple values of a single HTTP Header to a request or response
  21. How can I find out whether a server supports the Range header?
  22. Setting HTTP headers
  23. what characters are allowed in HTTP header values?
  24. Does the HTTP Protocol support multiple content types in response headers?
  25. What is HTTP “Host” header?
  26. How to evaluate http response codes from bash/shell script?
  27. Is the Content-Length header required for a HTTP/1.0 response?
  28. Is REST DELETE really idempotent?
  29. Keep-alive header clarification
  30. S3: How to do a partial read / seek without downloading the complete file?

Leave a Comment