From 167f3d11a78003d6e1812bdcc1dc4b66a94cf62f Mon Sep 17 00:00:00 2001 From: valentijnscholten Date: Sat, 23 Oct 2021 18:21:53 +0200 Subject: [PATCH] Explain X-XSS-Protection:0 recommendation (#769) --- cheatsheets/HTTP_Headers_Cheat_Sheet.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cheatsheets/HTTP_Headers_Cheat_Sheet.md b/cheatsheets/HTTP_Headers_Cheat_Sheet.md index f4b6335d09..a88feaac69 100644 --- a/cheatsheets/HTTP_Headers_Cheat_Sheet.md +++ b/cheatsheets/HTTP_Headers_Cheat_Sheet.md @@ -26,6 +26,8 @@ The HTTP `X-XSS-Protection` response header is a feature of Internet Explorer, C Do not set this header or explicitly turn it off. > `X-XSS-Protection: 0` +Please read [X-XSS_Protection should be disabled](https://github.com/OWASP/CheatSheetSeries/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md#x-xss-protection-header) for details. + ### X-Content-Type-Options The `X-Content-Type-Options` response HTTP header is used by the server to prevent browsers from guessing the media type ( MIME type).
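Review bot: The link target in the added "Please read" line is not a valid GitHub file URL: `github.com/OWASP/CheatSheetSeries/master/cheatsheets/...` has no `/blob/` segment between the repository name and `master`, so the reference will not resolve. Since both files sit in the same `cheatsheets/` directory, a relative link such as `Cross_Site_Scripting_Prevention_Cheat_Sheet.md#x-xss-protection-header` would be more robust and would keep working on forks and on the rendered site. The link text `X-XSS_Protection` also mixes a hyphen and an underscore; the header is spelled `X-XSS-Protection` everywhere else in this section. Finally, the new blank line is added after the sentence rather than before it, so please confirm that a blank line separates it from the `> X-XSS-Protection: 0` blockquote, otherwise Markdown will render the sentence as part of the quote.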