Hi, I’m testing the security of my web app. I use the ZAP tool to accomplish the OWASP standard, and as a result I receive some warnings. To resolve these warnings I need to add some HTTP headers to the app, but I can’t find any info in the documentation; all I found is about HTML headers. Does someone know how to do that?
This is a warning example:
The X-XSS-Protection HTTP response header allows the web server to enable or disable the web browser’s XSS protection mechanism. The following values would attempt to enable it:
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=http://www.example.com/xss
The following values would disable it:
X-XSS-Protection: 0
The X-XSS-Protection HTTP response header is currently supported on Internet Explorer, Chrome and Safari (WebKit).
Note that this alert is only raised if the response body could potentially contain an XSS payload (with a text-based content type, with a non-zero length).
Thanks in advance
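The alert quoted above checks the HTTP response headers the server sends, not anything inside the page's HTML, so the fix has to happen where the response leaves the application. As an added example (not from the original post, from ZAP, or from any particular framework), the following framework-agnostic WSGI middleware appends the X-XSS-Protection header to every response, and a small audit function reproduces the alert's own condition from the post: it only reports text-based responses with a non-zero body. The names `SecurityHeadersMiddleware`, `audit_response`, `call_app` and `demo_app` are this example's own, and `demo_app` is a constructed stand-in for a real application.

```python
"""Added example: add the X-XSS-Protection HTTP response header at the
application boundary and audit responses the way the quoted alert does.
Framework-agnostic WSGI code; nothing here comes from ZAP or the poster's app."""
from wsgiref.util import setup_testing_defaults

# Content types the alert treats as "text-based" (assumption for this example).
TEXT_TYPES = ("text/", "application/xhtml+xml", "application/xml",
              "application/json", "application/javascript")


def is_text_like(content_type):
    """True when the media type (parameters stripped) is text-based."""
    media = content_type.split(";")[0].strip().lower()
    return media.startswith(TEXT_TYPES)


class SecurityHeadersMiddleware:
    """Wrap any WSGI app and add X-XSS-Protection if the app did not set it."""

    def __init__(self, app, value="1; mode=block"):
        self.app = app
        self.value = value

    def __call__(self, environ, start_response):
        def _start_response(status, headers, exc_info=None):
            present = {name.lower() for name, _ in headers}
            if "x-xss-protection" not in present:
                headers.append(("X-XSS-Protection", self.value))
            return start_response(status, headers, exc_info)
        return self.app(environ, _start_response)


def audit_response(headers, body):
    """Mirror the alert logic from the post: only text-based responses with a
    non-zero body are checked; return a finding string or None."""
    hdrs = {name.lower(): value for name, value in headers}
    if not body or not is_text_like(hdrs.get("content-type", "")):
        return None  # alert is not raised for binary or empty responses
    value = hdrs.get("x-xss-protection")
    if value is None:
        return "X-XSS-Protection header missing"
    if value.strip().startswith("0"):
        return "X-XSS-Protection disabled (0)"
    return None


def demo_app(environ, start_response):
    """Constructed sample application: one HTML page and one binary asset."""
    if environ["PATH_INFO"] == "/logo.png":
        start_response("200 OK", [("Content-Type", "image/png")])
        return [b"\x89PNG\r\n\x1a\n"]
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html><body>hello</body></html>"]


def call_app(app, path="/"):
    """Invoke a WSGI app offline and return (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    raw = demo_app
    hardened = SecurityHeadersMiddleware(demo_app)
    for app_name, app in (("raw", raw), ("hardened", hardened)):
        for path in ("/", "/logo.png"):
            _, headers, body = call_app(app, path)
            print(app_name, path, audit_response(headers, body))
```

Wrapping the application object once (`app = SecurityHeadersMiddleware(app)`) is enough for every route to carry the header, which is what the scanner is looking for; the audit function is useful as a regression test so the warning does not silently return after a deployment change.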