Security Headers – X-XSS-Protection

In order to improve the security of your site against some types of XSS (cross-site scripting) attacks, it is recommended that you add the following header to your site:

  X-XSS-Protection: 1; mode=block

It is supported by IE (Internet Explorer) and Chrome. You can enable it by modifying your Apache settings or your .htaccess file, and adding the following line to it:


  Header set X-XSS-Protection "1; mode=block"
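
To confirm that the header is actually being served after the change, the response headers can be inspected. The following Python check is an added example, not part of the original article or of Sucuri's tooling; the function names, result labels and sample responses are constructed for illustration.

```python
RECOMMENDED = "1; mode=block"  # value recommended on this page

# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "hardened": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                "X-XSS-Protection: 1; mode=block\r\n\r\n<html>",
    "filter_only": "HTTP/1.1 200 OK\r\nx-xss-protection: 1\r\n\r\n",
    "disabled": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    # The header text appears only in the body, so it must not count.
    "absent": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              "X-XSS-Protection: 1; mode=block",
    # Two different values, e.g. set once by the app and once by the server.
    "repeated": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\n"
                "X-XSS-Protection: 0\r\n\r\n",
}

def header_values(raw_response, name="x-xss-protection"):
    """Collect every value of `name` from the header section only."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name:  # header names are case-insensitive
            values.append(value.strip())
    return values

def classify(raw_response):
    """Return missing, conflicting, disabled, invalid, filter-only or block."""
    values = header_values(raw_response)
    if not values:
        return "missing"
    if len(set(values)) > 1:
        return "conflicting"
    parts = [p.strip().lower() for p in values[0].split(";")]
    if parts[0] == "0":
        return "disabled"
    if parts[0] != "1":
        return "invalid"
    # "block" corresponds to the RECOMMENDED value above.
    return "block" if "mode=block" in parts[1:] else "filter-only"

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label:12} -> {classify(response)}")
```

Only the `block` result matches the value recommended above; any other result means the Apache or .htaccess setting is not taking effect as intended.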

Sucuri Customers

Alternatively, you can enable it automatically on the WAF (along with other security headers) by setting "Additional Security Headers" to on. Note that it is enabled by default for all our customers.

If you have any questions, please contact our research team at research@sucuri.net.