While largely superseded by CSP, the X-XSS-Protection header provides a layer of defense for older browsers. This tool checks if your server provides this legacy protection.
Ready to scan...
It is good for legacy support, but Content Security Policy (CSP) is the modern standard.