[ GF.dev ] All Tools →

XSS Header Test

While largely superseded by CSP, the X-XSS-Protection header provides a layer of defense for older browsers. This tool checks if your server provides this legacy protection.

Ready to scan...

Frequently Asked Questions

Should I still use this?

It is good for legacy support, but Content Security Policy (CSP) is the modern standard.

Learn More

The Complete Guide to HTTP Security Headers (Guide)

XSS Protection Headers: What Still Works in 2026 · The Complete Guide to HTTP Security Headers