1. Enable the protection for all security zones in blocking mode (blocking mode means the page is not rendered at all if an XSS attempt is found; instead the browser shows the user a simple warning that the attack has been blocked):

   X-XSS-Protection: 1; mode=block

2. Enable the protection for...
Add the X-XSS-Protection header to your web server and set the value to "1; mode=block". In Apache, that would be set with the following config:

   # Force XSS filtering (should be on by default in most browsers anyway)
   Header always set X-XSS-Protection "1; mode=block"
...
Impact URL(s): <site URL> Observations: We detected a missing X-XSS-Protection header, which means that this website could be at risk of Cross-site Scripting (XSS) attacks. The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages f...