Secure Apache from Cross-Site Scripting

You can set the X-XSS-Protection settings on your Apache web server to prevent cross-site scripting attacks. To enable the X-XSS-Protection edit Apache configuration file (For eg: /etc/httpd/conf/httpd.conf or /etc/apache2/conf-enabled/security.conf) and add the below configuration. Save file and close it. The above settings enables the XSS Filter. If the cross-site scripting attack is detected, the browser will sanitize the page and also prevent rendering of the page. Next, Restart Apache service to apply changes

Text XSS Protection Settings

Open your website in a web browser. Press F11 to open browsers inspect element window. Then view the header values for the request, You will find the header value as shown in below image.


In this tutorial, you have learned basics about Cross-Site scripting attacks. Also, helped you to secure Apache server from XSS attacks.

X XSS Protection   Secure Apache from Cross Site Scripting   TecAdmin - 27