Insecure or unset HTTP headers - X-XSS-Protection
Description
The application sets the X-XSS-Protection header with a value that enables the browser's built-in XSS filter. The header is deprecated: Chrome and Edge have removed their filters and Firefox never implemented one, so on current browsers it provides no protection at all. In the legacy browsers that still honour it, the filter only inspects reflected content, so it does nothing against stored or DOM-based XSS, and the filter itself has been abused: a request crafted to match a page's own legitimate script makes the browser neutralise that script, which lets an attacker selectively disable client-side protections or infer page contents (XS-Leaks).
Impact
Relying on the header gives a false sense of protection: it does not mitigate stored or DOM-based XSS on any browser, and on legacy browsers the filter can be turned against the application's own scripts.
Recommendation
Set X-XSS-Protection to 0 in server responses (or remove the header entirely) so that no browser enables the legacy filter. Define the client-side policy with a Content-Security-Policy header instead, restricting script sources (for example a script-src directive using nonces or hashes and without 'unsafe-inline'), and fix the underlying output-encoding defects rather than relying on browser filters.
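The following is an added example, not part of the original finding or of any product it describes: a small Python helper that shows the weak header set beside the corrected one and audits a response's headers for the two points above (legacy filter still enabled, CSP missing or not restricting scripts). The function names, the sample header sets and the CSP value are constructed for illustration.

```python
"""Added example (not from the original finding): audit X-XSS-Protection and CSP
in a set of HTTP response headers. Names and sample data are constructed."""
from typing import Dict, List

# Constructed sample: a legacy response that still turns the browser filter on.
WEAK_HEADERS: Dict[str, str] = {
    "Content-Type": "text/html; charset=utf-8",
    "X-XSS-Protection": "1; mode=block",
}

# Corrected response: filter explicitly disabled, policy expressed through CSP.
SECURE_HEADERS: Dict[str, str] = {
    "Content-Type": "text/html; charset=utf-8",
    "X-XSS-Protection": "0",
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "base-uri 'self'; frame-ancestors 'none'"
    ),
}


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source tokens]}."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the headers pass this check."""
    # Header names are case-insensitive, so normalise them once.
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []

    xss = lower.get("x-xss-protection")
    if xss is not None and not xss.startswith("0"):
        findings.append(
            f"X-XSS-Protection is {xss!r}: deprecated filter enabled; set it to 0 or remove it"
        )

    csp = lower.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy header missing")
        return findings

    directives = parse_csp(csp)
    # script-src governs scripts; default-src is the fallback when it is absent.
    script_sources = directives.get("script-src", directives.get("default-src"))
    if script_sources is None:
        findings.append("CSP has neither script-src nor default-src; scripts are unrestricted")
    else:
        has_nonce_or_hash = any(
            t.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
            for t in script_sources
        )
        # With a nonce or hash present, CSP-compliant browsers ignore 'unsafe-inline'.
        if "'unsafe-inline'" in script_sources and not has_nonce_or_hash:
            findings.append("CSP script sources allow 'unsafe-inline' without a nonce or hash")
    return findings


if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("secure", SECURE_HEADERS)):
        print(name, audit_headers(hdrs) or "OK")
```

To run the same check against a live host, capture the response headers (for example with curl -sI on the target URL), load them into a dictionary and pass it to audit_headers; the parse is deliberately lenient because the browser's own CSP parser is, so a directive that is present but malformed is still reported as present.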
Threat
Unauthorized attacker from the Internet.
Expected Remediation Time
⏱️ 30 minutes.