Objective
X-XSS-Protection is a security response header that turns on the browser's built-in filter, preventing some level of cross-site scripting (XSS) attacks.
Solution
Edit your Apache configuration file /etc/apache2/httpd.conf and add the following to your VirtualHost.
# Load the headers module
LoadModule headers_module modules/mod_headers.so
<VirtualHost *:443>
# X-XSS-Protection
Header set X-XSS-Protection "1; mode=block"
</VirtualHost>
With a value of "1; mode=block", the browser's XSS filter is enabled and the browser will stop rendering the page if an attack is detected.
Reload Apache
[root@nowherelan]# systemctl reload httpd.service
Go to Geek Flare's Test Site and test your site. The output will tell you whether you have everything correct.
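As an added example, not from the original post, the Python below performs the same check locally on a saved copy of your site's response headers (the sample headers are constructed and the host is a placeholder): it classifies the X-XSS-Protection value the way a browser reads it, and also reports the X-Frame-Options header mentioned at the end of this post.

```python
# Constructed sample of raw response headers, as printed by
# `curl -sI https://example.invalid/` (placeholder host, not a real site).
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Content-Type: text/html; charset=UTF-8
"""

def parse_headers(raw):
    """Map lower-cased header names to values, skipping the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def evaluate_xss_protection(value):
    """Classify an X-XSS-Protection value: 'missing', 'disabled',
    'filter-only' (value "1" without mode=block), 'block' or 'invalid'."""
    if value is None:
        return "missing"
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "invalid"
    if parts[0] == "0":
        return "disabled"
    if parts[0] != "1":
        return "invalid"
    directives = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        directives[key.strip().lower()] = val.strip().lower()
    return "block" if directives.get("mode") == "block" else "filter-only"

def audit(raw):
    """Return the verdict for both headers this post recommends."""
    h = parse_headers(raw)
    return {
        "x-xss-protection": evaluate_xss_protection(h.get("x-xss-protection")),
        "x-frame-options": h.get("x-frame-options", "missing").upper(),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS))
```

Anything other than "block" for X-XSS-Protection means the VirtualHost line above is not taking effect, for example because mod_headers was not loaded.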
My System Configuration
- CentOS 7
- Apache 2.4
It's always best to escape your fields as well, rather than relying on the header alone, so that user input cannot inject tags. The iframe deny header (X-Frame-Options: DENY) is also a good header to add.