X-XSS, also known as cross-site scripting, is a security header that protects websites from cross-site scripting.

By default, this security header is built into and activated in modern web browsers. When you implement it, your browser will be forced to load it. This security header would not let a page load if it detects a cross-site scripting attack.