To improve the security of your site against some types of XSS (cross-site scripting) attacks, it is recommended that you add the following header to your site:
X-XSS-Protection: 1; mode=block
It is supported by IE (Internet Explorer) and Chrome. You can enable it by modifying your Apache settings or your
.htaccess file, and adding the following line to it:
Header set X-XSS-Protection "1; mode=block"
Note: this is enabled by default for all users.
You can enable it on your WAF (along with other security headers) by enabling “Additional Security Headers”.
If you have any questions, please contact our research team at firstname.lastname@example.org.