{"id":"https://openalex.org/W7138068572","doi":"https://doi.org/10.1007/s11280-026-01410-1","title":"The Death of the X-XSS-Protection Header: A Web Security Post-Mortem","display_name":"The Death of the X-XSS-Protection Header: A Web Security Post-Mortem","publication_year":2026,"publication_date":"2026-03-18","ids":{"openalex":"https://openalex.org/W7138068572","doi":"https://doi.org/10.1007/s11280-026-01410-1"},"language":"en","primary_location":{"id":"doi:10.1007/s11280-026-01410-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11280-026-01410-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11280-026-01410-1.pdf","source":{"id":"https://openalex.org/S129236917","display_name":"World Wide Web","issn_l":"1386-145X","issn":["1386-145X","1573-1413"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"World Wide Web","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s11280-026-01410-1.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082915920","display_name":"Andrew Besmer","orcid":null},"institutions":[{"id":"https://openalex.org/I169086405","display_name":"Winthrop University","ror":"https://ror.org/04mpzkf73","country_code":"US","type":"education","lineage":["https://openalex.org/I169086405"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Andrew Besmer","raw_affiliation_strings":["Department of Computing and Information Sciences, Winthrop University, Rock Hill, SC, 29733, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computing and Information Sciences, Winthrop University, Rock Hill, SC, 29733, USA","institution_ids":["https://openalex.org/I169086405"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129750036","display_name":"Jason Watson","orcid":null},"institutions":[{"id":"https://openalex.org/I12970578","display_name":"University of North Alabama","ror":"https://ror.org/0584fj407","country_code":"US","type":"education","lineage":["https://openalex.org/I12970578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Watson","raw_affiliation_strings":["Department of Computer Science and Information Systems, University of North Alabama, Florence, AL, 35632, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Information Systems, University of North Alabama, Florence, AL, 35632, USA","institution_ids":["https://openalex.org/I12970578"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5119199802","display_name":"David Scibelli","orcid":null},"institutions":[{"id":"https://openalex.org/I169086405","display_name":"Winthrop University","ror":"https://ror.org/04mpzkf73","country_code":"US","type":"education","lineage":["https://openalex.org/I169086405"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Scibelli","raw_affiliation_strings":["Department of Computing and Information Sciences, Winthrop University, Rock Hill, SC, 29733, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computing and Information Sciences, Winthrop University, Rock Hill, SC, 29733, USA","institution_ids":["https://openalex.org/I169086405"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5082915920"],"corresponding_institution_ids":["https://openalex.org/I169086405"],"apc_list":{"value":2390,"currency":"EUR","value_usd":2990},"apc_paid":{"value":2390,"currency":"EUR","value_usd":2990},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.90737693,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":"29","issue":"3","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.676800012588501,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.676800012588501,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.12219999730587006,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.08550000190734863,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/web-application-security","display_name":"Web application security","score":0.5771999955177307},{"id":"https://openalex.org/keywords/internet-security","display_name":"Internet security","score":0.32089999318122864},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.31839999556541443},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.3131999969482422},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.30979999899864197},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2994999885559082}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7125999927520752},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5892000198364258},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.5771999955177307},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4715999960899353},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.46720001101493835},{"id":"https://openalex.org/C22111027","wikidata":"https://www.wikidata.org/wiki/Q1070427","display_name":"Internet security","level":4,"score":0.32089999318122864},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.31839999556541443},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.3131999969482422},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.30979999899864197},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2994999885559082},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.2874000072479248},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.28040000796318054},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.27959999442100525},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.2711000144481659},{"id":"https://openalex.org/C182321512","wikidata":"https://www.wikidata.org/wiki/Q1153289","display_name":"Web standards","level":3,"score":0.26989999413490295}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s11280-026-01410-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11280-026-01410-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11280-026-01410-1.pdf","source":{"id":"https://openalex.org/S129236917","display_name":"World Wide Web","issn_l":"1386-145X","issn":["1386-145X","1573-1413"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"World Wide Web","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s11280-026-01410-1","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11280-026-01410-1","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11280-026-01410-1.pdf","source":{"id":"https://openalex.org/S129236917","display_name":"World Wide Web","issn_l":"1386-145X","issn":["1386-145X","1573-1413"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"World Wide Web","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Gender equality","id":"https://metadata.un.org/sdg/5","score":0.5665119290351868}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7138068572.pdf","grobid_xml":"https://content.openalex.org/works/W7138068572.grobid-xml"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W200873936","https://openalex.org/W1991074244","https://openalex.org/W2060692877","https://openalex.org/W2291769357","https://openalex.org/W2510134782","https://openalex.org/W2586063241","https://openalex.org/W2770499023","https://openalex.org/W2805746269","https://openalex.org/W2914801588","https://openalex.org/W2948008293","https://openalex.org/W3000156325","https://openalex.org/W3041814692","https://openalex.org/W3153427056","https://openalex.org/W3155418077","https://openalex.org/W4360618510","https://openalex.org/W4395482179","https://openalex.org/W4399364148","https://openalex.org/W4405386986","https://openalex.org/W4406292844","https://openalex.org/W4408503786","https://openalex.org/W4409670722","https://openalex.org/W4409796880"],"related_works":[],"abstract_inverted_index":{"In":[0],"this":[1,153],"article":[2,154],"we":[3,89],"report":[4],"on":[5],"a":[6,61,82,119,123,141,166],"post-mortem":[7,163],"analysis":[8,14,164],"of":[9,26,63,79,107,117,168],"the":[10,21,24,32,55,103,114,126,156,171],"X-XSS-Protection":[11],"header.":[12],"Our":[13,109],"used":[15],"data":[16],"from":[17],"header":[18,174],"usage":[19],"in":[20,96,165],"wild":[22],"at":[23,149],"time":[25],"its":[27],"death":[28],"as":[29],"judged":[30],"by":[31,49,54],"Google":[33],"Chrome":[34],"deprecation":[35],"notice.":[36],"We":[37,59,71],"processed":[38],"roughly":[39],"2.6":[40],"billion":[41],"HTTP":[42,173],"responses":[43],"and":[44,81,136],"classified":[45],"them":[46],"not":[47],"just":[48,140],"validity":[50],"or":[51],"invalidity":[52],"but":[53],"reasons":[56],"for":[57,85,113],"each.":[58],"created":[60],"set":[62],"regex-driven":[64],"attributions":[65],"(RDAs)":[66],"to":[67,128,159],"support":[68],"robust":[69],"classification.":[70],"found":[72],"great":[73],"security":[74,133,157],"posture":[75],"with":[76,99,132],"minimum":[77],"levels":[78],"disablement":[80],"strong":[83],"preference":[84],"additional":[86,162],"protections.":[87],"Unfortunately,":[88],"also":[90],"discovered":[91],"that":[92,138],"misconfigurations":[93],"often":[94],"resulted":[95],"dangerous":[97],"situations":[98],"potentially":[100],"less":[101],"than":[102],"expressly":[104],"desired":[105],"level":[106],"security.":[108],"results":[110],"have":[111],"implications":[112],"potential":[115],"reconsideration":[116],"what":[118],"browser":[120],"should":[121],"consider":[122,160],"fail-safe":[124],"design,":[125],"opportunity":[127],"design":[129],"new":[130],"mechanisms":[131],"configuration":[134],"gradients,":[135],"motivation":[137],"solving":[139],"few":[142],"errors":[143],"can":[144],"make":[145],"an":[146],"enormous":[147],"impact":[148],"internet":[150],"scale.":[151],"Finally,":[152],"motivates":[155],"community":[158],"conducting":[161],"variety":[167],"contexts":[169],"besides":[170],"deprecated":[172],"presented":[175],"here.":[176]},"counts_by_year":[],"updated_date":"2026-03-20T20:47:17.329874","created_date":"2026-03-18T00:00:00"}