Forum Discussion
- samstep (Cirrocumulus)
Hi,
"Web Browser XSS Protection Not Enabled" is a Low severity alert in OWASP ZAP, effectively telling you that the X-XSS-Protection header is missing in the server response. You can easily add this header to your responses using an iRule like this:
when HTTP_RESPONSE {
    HTTP::header insert "X-XSS-Protection" "1; mode=block"
}