HTTP header X-XSS-Protection, which is now outdated (replaced by CSP)

NetworkPrivate Resource

and may even cause security vulnerabilities

Min version: 9.0.0Defaults: enabled mode report

Relationships

Network

2 resources · 2 relationships·Click to select, expand fields to see properties.

Field	Type	Description
`enabled`required	int	Whether the header is enabled (Enabled when the header value is set to 1; disabled if set to 0)
`mode`required	string	Mode for XSS filtering
`report`required	string	Report endpoint for violations (Chromium only)