tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacopo Cappellato <>
Subject Enabling X-XSS-Protection
Date Thu, 08 Oct 2015 05:40:39 GMT
Hi all,

I am looking for a way to add the X-XSS-Protection header (*) to the
response from Tomcat.

I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to
setup other useful security related headers but it doesn't seem to support
the X-XSS-Protection header (**).

Do you think that HttpHeaderSecurityFilter should be enhanced to support
this (I could provide a patch for this)? Is there another way?

Thanks in advance,



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message