Hi all,

Would it be possible for our application's responses to include the HTTP X-XSS-Protection response header? And if so, how could we do this? Thanks in advance.

Kind regards, Hugo
If you're running your app in the cloud, this is not possible AFAIK, as this is a setting on the web server serving your app. The settings on this server are defined by Mendix. Maybe file a ticket with support to find out if they can enable this.

If you are running 'on premise', in other words you have control over your web-server configuration, then you can enable this.

nginx: add_header x-xss-protection "1; mode=block" always;

apache: header always set x-xss-protection "1; mode=block"
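
One way to verify the result after applying either directive, as an added example that is not part of the original answer: it checks captured response heads for the header, including an error response, since the always keyword in both lines is what makes the server add the header on error responses as well. The function names and sample responses are constructed for illustration.

```python
# Added example: offline check of X-XSS-Protection on captured response heads.
# All sample responses below are constructed for illustration.
EXPECTED = "1; mode=block"  # value used in the nginx/apache lines above

def parse_head(raw):
    """Return (status_code, [(lowercased_name, value), ...]) from a raw response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def normalize(value):
    # Compare directive by directive so "1;mode=block" equals "1; mode=block".
    return [part.strip().lower() for part in value.split(";")]

def check_xss_header(raw):
    """Classify one response as 'ok', 'missing', 'duplicate' or 'unexpected'."""
    status, headers = parse_head(raw)
    # Header names are case-insensitive, so the lowercase form in the config matches.
    values = [v for n, v in headers if n == "x-xss-protection"]
    if not values:
        return status, "missing"
    if len(values) > 1:
        return status, "duplicate"  # e.g. set by both the app and the web server
    if normalize(values[0]) != normalize(EXPECTED):
        return status, "unexpected"
    return status, "ok"

# Constructed samples: a success page, an error page without the header
# (what a missing "always" looks like), a double-set header, and a disabled one.
SAMPLES = {
    "ok_200": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nx-xss-protection: 1; mode=block\r\n\r\n",
    "error_404": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
    "error_500_ok": "HTTP/1.1 500 Internal Server Error\r\nX-XSS-Protection: 1;mode=block\r\n\r\n",
    "duplicate": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 1; mode=block\r\nx-xss-protection: 1; mode=block\r\n\r\n",
    "disabled": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
}

def audit(samples):
    return {name: check_xss_header(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, (status, verdict) in audit(SAMPLES).items():
        print(f"{name}: HTTP {status} -> {verdict}")
```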