Sucuri Docs > Warnings > Hardening > Security Headers – X-XSS-Protection

Security Headers – X-XSS-Protection

To improve the security of your site against some types of XSS (cross-site scripting) attacks, it is recommended that you add the following header to your site:

  X-XSS-Protection: 1; mode=block

It is supported by IE (Internet Explorer) and Chrome. You can enable it by modifying your Apache settings or your .htaccess file, and adding the following line to it:

  Header set X-XSS-Protection "1; mode=block"

Sucuri customers

Note: this is enabled by default for all users.

You can enable it on your WAF (along with other security headers) by enabling “Additional Security Headers”.

If you have any questions, please contact our research team at

Was this article helpful?