How to check URLs blocked by XSS Protection | AEM

Learn how to check URLs blocked by Cross-site scripting (XSS) Protection in Adobe Experience Manager with the steps outlined in this article.

Description description


Adobe Experience Manager


If you’re experiencing an issue where a link URL is not being rendered on a page in Adobe Experience Manager (AEM), it could be due to Cross-site scripting (XSS) Protection. This security feature prevents invalid URLs that may cause XSS attacks from being displayed. To troubleshoot this issue, one can check the URLs that have been blocked by the XSS Protection feature.
The article provides step-by-step instructions on how to do this.

Follow the AEM 6.5 Security User guide for more details on XSS Protection

Resolution resolution

Check the blocked URLs as follows:

  1. Go to Web Console > Sling > XSS Protection (or Access http://localhost:4502/system/console/xssprotection)

  2. Check URL and Times Blocked values under Blocked URLs in Status tab