Magento – Console showing Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block:

http-headermagento2.2.3Security

I don't know what it's means and how to remove this error.

  • it's showing in my chrome console . but not in firefox console..

(index):1 Error parsing header X-XSS-Protection: 1; mode=block, 1; mode=block: expected semicolon at character position 13. The default protections will be applied.

enter image description here

Here's Response header

Cache-Control: max-age=0, must-revalidate, no-cache, no-store
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jun 2018 07:27:16 GMT
Expires: Mon, 19 Jun 2017 07:27:19 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Set-Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/ritz; domain=mydomain.com; HttpOnly
Set-Cookie: form_key=BiFqDSvrvVRBd7jn; expires=Tue, 19-Jun-2018 08:27:19 GMT; Max-Age=3600; path=/mydirectory; domain=mydomain.com
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block

Request header

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Authorization: Basic dGVzdDptaWRhc0AxMjM=
Cache-Control: max-age=0
Connection: keep-alive
Cookie: PHPSESSID=0ean77aq28m84hsbfm1fg71996; mage-translation-storage=%7B%7D; mage-translation-file-version=%7B%7D; form_key=BiFqDSvrvVRBd7jn; store=default; mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7D; mage-cache-sessid=true; mage-messages=; recently_viewed_product=%7B%7D; recently_viewed_product_previous=%7B%7D; recently_compared_product=%7B%7D; recently_compared_product_previous=%7B%7D; product_data_storage=%7B%7D; private_content_version=fcad1216f3986344d5a56dd2b60c1c29; section_data_ids=%7B%22directory-data%22%3A1529391306%2C%22cart%22%3A1529392350%7D
DNT: 1
Host: mydomain.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Best Answer

Open .htacces in magento 1 root file and find 'X-XSS' you get below line

Header set X-XSS-Protection: "1; mode=block" env=!ie8

assigne '#' befrore this line

Related Topic