Secure Your Site with the X-XSS-Protection HTTP Header in Apache

Objective

X-XSS-Protection is an HTTP response header that turns on the browser's XSS filter, giving some level of protection against cross-site scripting (XSS) vulnerabilities.

Solution

Edit your Apache configuration file /etc/apache2/httpd.conf and add the following to your VirtualHost.

# Load the headers module
LoadModule headers_module modules/mod_headers.so

<VirtualHost *:443>
    # X-XSS-Protection
    Header set X-XSS-Protection "1; mode=block"
</VirtualHost>

With a value of “1; mode=block”, the browser's XSS filter is enabled and will prevent the page from rendering if an attack is detected.

Reload Apache

[root@nowherelan]# systemctl reload httpd.service

Go to Geek Flare’s Test Site and test your site. The output will tell you whether everything is configured correctly.
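
The same check can be run locally against the response headers. The script below is an added example, not part of the original post: xxp_status is a hypothetical function name, the sample responses are constructed, and the live usage shown in the comment assumes curl is installed.

```shell
#!/bin/sh
# Added example: classify the X-XSS-Protection header found in a block of
# HTTP response headers read from stdin. xxp_status is a hypothetical name.
# Live use (assumes curl is installed):
#   curl -sI https://your-site.example/ | xxp_status

xxp_status() (
    # Header lines end in CRLF and header names are case-insensitive,
    # so drop the CRs and lower-case the whole stream first.
    tr -d '\r' | tr '[:upper:]' '[:lower:]' | {
        count=0
        value=
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                x-xss-protection:*)
                    count=$((count + 1))
                    # Keep the text after the first colon, without whitespace.
                    value=$(printf '%s' "${line#*:}" | tr -d ' \t')
                    ;;
            esac
        done
        if [ "$count" -eq 0 ]; then echo missing; exit 0; fi
        # More than one copy is ambiguous: report it instead of picking one.
        if [ "$count" -gt 1 ]; then echo duplicate; exit 0; fi
        case "$value" in
            "1;mode=block") echo block ;;        # the value configured above
            "1")            echo filter-only ;;  # filter on, no block mode
            "0")            echo disabled ;;
            *)              echo unexpected ;;   # differs from this page's value
        esac
    }
)

# Constructed sample responses (not captured from a real server).
sample_block()   { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-XSS-Protection: 1; mode=block\r\n\r\n'; }
sample_missing() { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'; }
sample_dup()     { printf 'HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\nx-xss-protection: 1; mode=block\r\n\r\n'; }

for s in sample_block sample_missing sample_dup; do
    printf '%s -> %s\n' "$s" "$($s | xxp_status)"
done
```

A result of "block" matches the VirtualHost configuration above; "missing" usually means the request reached a virtual host that does not carry the Header directive.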

My System Configuration

  • CentOS 7
  • Apache 2.4
