tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacopo Cappellato <jacopo.cappell...@gmail.com>
Subject Enabling X-XSS-Protection
Date Thu, 08 Oct 2015 05:40:39 GMT
Hi all,

I am looking for a way to add the X-XSS-Protection header (*) to the
response from Tomcat.

I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to
setup other useful security related headers but it doesn't seem to support
the X-XSS-Protection header (**).

Do you think that HttpHeaderSecurityFilter should be enhanced to support
this (I could provide a patch for this)? Is there another way?

Thanks in advance,

Jacopo

(*) https://www.owasp.org/index.php/List_of_useful_HTTP_headers
(**) https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message