class Helmet::XSSFilterHandler


The X-XSS-Protection HTTP header is a basic protection against cross-site scripting attacks. It was originally introduced by Microsoft, but Chrome has since adopted it as well.

This handler sets the X-XSS-Protection header. On modern browsers, it sets the value to 1; mode=block. On old versions of Internet Explorer, enabling the filter creates a vulnerability (see here and here), so the header is set to 0 to disable it.

Example usage:

server = HTTP::Server.new("", 8080, [Helmet::XSSFilterHandler.new,
  # ...

To force the header to be set to 1; mode=block on all versions of Internet Explorer, add the set_on_old_ie option:

server = HTTP::Server.new("", 8080, [Helmet::XSSFilterHandler.new(set_on_old_ie: true),
  # ...
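
The following sketch shows the per-request decision described above. It is an added example, not the shard's own source: the class name SketchXSSFilter, the header_for helper, the User-Agent regex and the cutoff of Internet Explorer 9 for "old" are assumptions, since this page does not say which versions count as old.

```crystal
require "http/server"

# Illustrative re-implementation (hypothetical class), not the shard's source.
class SketchXSSFilter
  include HTTP::Handler

  # Assumption: "old" Internet Explorer means a major version below 9.
  OLD_IE_BELOW = 9
  BLOCK        = "1; mode=block"

  def initialize(@set_on_old_ie : Bool = false)
  end

  # Pure decision function, so the policy can be exercised without a server.
  def header_for(user_agent : String?) : String
    # set_on_old_ie forces the blocking value for every client.
    return BLOCK if @set_on_old_ie
    if user_agent && (m = user_agent.match(/msie\s*(\d+)/i))
      # Old IE: send 0 to switch the filter off.
      return "0" if m[1].to_i < OLD_IE_BELOW
    end
    BLOCK
  end

  def call(context : HTTP::Server::Context)
    ua = context.request.headers["User-Agent"]?
    context.response.headers["X-XSS-Protection"] = header_for(ua)
    call_next(context)
  end
end

# Constructed User-Agent strings (sample input, not captured traffic).
agents = [
  "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
  "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)",
  "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36",
  nil, # request without a User-Agent header
]

default = SketchXSSFilter.new
forced = SketchXSSFilter.new(set_on_old_ie: true)

agents.each do |ua|
  puts "#{ua.inspect}\n  default: #{default.header_for(ua)}  forced: #{forced.header_for(ua)}"
end
```

Because the value depends on the User-Agent header, a cache placed in front of the server can hand one client's value to another unless the response varies on that header.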


Class Method Detail

def self.new(set_on_old_ie : Bool = false)

Instance Method Detail

def call(context : HTTP::Server::Context)