How does the XSS protection work? In a request to https://snap.berkeley.edu/snap/snap.html I get a request header:
Cookie: snapsession=████████████████████████████████████████████████████████████████████████████████████████████████████████████; persist_session=true
But if I open the console, I get no cookie. I can add other cookies to document.cookie. The x-xss-protection header is not supported by Firefox, so it shouldn't do anything.