Internet Explorer XSS Protection disabled on this page

Description

Internet Explorer includes a feature that makes "Type-1" Cross-Site Scripting (XSS) vulnerabilities much more difficult to exploit from within Internet Explorer.
Web developers may wish to disable the filter for their content.They can do so by setting a HTTP header:

X-XSS-Protection: 0

Remediation

Investigate if it's necessary to disable the XSS protection on this page.

Severity
Classification
Tags
  • Configuration