tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Enabling X-XSS-Protection
Date Thu, 08 Oct 2015 09:14:14 GMT
On 08/10/2015 06:40, Jacopo Cappellato wrote:
> Hi all,
> 
> I am looking for a way to add the X-XSS-Protection header (*) to the
> response from Tomcat.
> 
> I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to
> setup other useful security related headers but it doesn't seem to support
> the X-XSS-Protection header (**).
> 
> Do you think that HttpHeaderSecurityFilter should be enhanced to support
> this (I could provide a patch for this)? Is there another way?

A patch to add support for this header would be great.

Mark


> 
> Thanks in advance,
> 
> Jacopo
> 
> (*) https://www.owasp.org/index.php/List_of_useful_HTTP_headers
> (**) https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message