Why do I need protection against cross-site scripting (XSS)?

If a cybercriminal performs a successful cross site scripting (XSS) attack on your website, it allows them to perform many actions on your website. For example, they can see any kind of information that is transmitted to your website (such as personal and payment information), even if you have SSL encryption in place.

Even if your website does not allow users to enter data or it is solely focused on marketing only, cross-site scripting attacks could cause users to be redirected to fake pages where cybercriminals can perform other malicious activities such as installing malware (malicious software).