On 08/10/2015 06:40, Jacopo Cappellato wrote: > Hi all, > > I am looking for a way to add the X-XSS-Protection header (*) to the > response from Tomcat. > > I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to > setup other useful security related headers but it doesn't seem to support > the X-XSS-Protection header (**). > > Do you think that HttpHeaderSecurityFilter should be enhanced to support > this (I could provide a patch for this)? Is there another way?
A patch to add support for this header would be great. Mark > > Thanks in advance, > > Jacopo > > (*) https://www.owasp.org/index.php/List_of_useful_HTTP_headers > (**) https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org