Topic: Browser XSS Protection

Report Abuse Report Abuse
ertaius (Over 1 year ago)
I'm getting this error in the console...

The XSS Auditor refused to execute a script in 'https://mySSLsecuredWebsite.com/article' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.

Is there a reason that a dynamic url //:linkToEmbed cannot be used to fit whatever protocol is used on a users site?