how to set Http header X-XSS-Protection

Question

I have tried to put this:

in the tag but have had n

Answer 1

In Apache, you need to edit the config file, this file could be:

/etc/apache2/apache2.conf

/etc/apache2/httpd.conf

In the file you can add these lines at the end to enable HTTP Header XSS Protection:

    Header set X-XSS-Protection: "1; mode=block"

Note: if mod_headers is external to the main Apache core (not compiled into Apache) then you would use .so rather than .c - ie.

After that, save changes, and restart apache with:

sudo service apache2 restart

or

sudo service httpd restart

Hope this helps! :)