The Cross Site Scripting assertion checks the response for content revealing system information. It checks the response for injection strings similar to the parameter ones. It also allows you to prepare a script which will create a URL list to check each token individually.
Select Check Immediate Response to check the response right after starting the script.
Select Check Response from URLs specified in Custom Script to check responses from the URL list, which you can specify in a custom script. Then, create a custom script to check for XSS vulnerabilities on REST and SOAP individual pages which do not allow you to view the immediate responses in a browser.
Add more assertions to ensure the security of the tested service: