Header Test

Verify if cross-site scripting vulnerability protection
is enabled in your site’s HTTP response headers

Checking for the XSS header...

Great! X-XSS-Protection header was found
in the HTTP response headers as highlight below.

Couldn’t find the X-XSS-Protection header
in the response headers.

Header Value



About X-XSS-Protection Header

X-XSS-Protection is a security header to protect from cross-site scripting vulnerabilities. XSS header is compatible with the modern browser and often will be recommended by online security scanner, penetration testing.

If using Apache, Nginx, IIS then you may refer this guide. Alternatively, if using cloud-based security provider service like SUCURI, then you can get it enabled through custom rules.

Hand-picked best resources to supercharge
your Website and Business

Explore Collections

More tools for your Website

Ping Test

Check if your site or IP can respond to ping globally

Test Now

Traceroute Test

Traceroute your IP or site to find network related issue

Test Now

TLS 1.3 Test

Test supported TLS version on the site

Test Now

TLS Scanner

Check the supported protocol, server preferences, certificate details, common vulnerabilities and more

Test Now


Check if DNS Security Extensions is enabled on your domain

Test Now

TCP Port Scanner

Quickly find out what ports are open on public Internet-facing IP or website

Test Now

Latest Articles