Secure Apache from Cross-Site Scripting
You can set the X-XSS-Protection settings on your Apache web server to prevent cross-site scripting attacks. To enable the X-XSS-Protection edit Apache configuration file (For eg: /etc/httpd/conf/httpd.conf or /etc/apache2/conf-enabled/security.conf) and add the below configuration. Save file and close it. The above settings enables the XSS Filter. If the cross-site scripting attack is detected, the browser will sanitize the page and also prevent rendering of the page. Next, Restart Apache service to apply changes
Text XSS Protection Settings
Open your website in a web browser. Press F11 to open browsers inspect element window. Then view the header values for the request, You will find the header value as shown in below image.
Conclusion
In this tutorial, you have learned basics about Cross-Site scripting attacks. Also, helped you to secure Apache server from XSS attacks.
