XSS protection is a security header that stops a page from loading when a XSS attack is detected. This header is supported in Chrome.IE, and Safari.
An XSS(Cross-site scripting) attack is when malicious code is inserted into a benign site typically in the form of a browser side script. A hacker can use XSS to send malicious code to an unsuspecting user. The browser has no way to know that the script should not be trusted, and will run the script.