X-XSS-Protection headers. Protection or vulnerability?

What is it?

These headers are a security mechanism that the server sends but the browser implements. The server includes the header in its response, and the browser is the one that reads it and applies the security measures.

This means that if the server sends along with this header but if the user is using a custom…
