Configure X-XSS-Protection in ASP.NET

To enable X-XSS-Protection header in IIS add following to your site’s Web.config file.

<configuration>
    <system.webServer>
        <httpProtocol>
			<customHeaders>
				<add name="X-XSS-Protection" value="1; mode=block" />
			</customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

Read more about X-XSS-Protection header here.


Leave A Comment

Your email address will not be published.