Forum Discussion
samstep
Sep 02, 2018 Cirrocumulus
Hi,
"Web Browser XSS Protection Not Enabled" is a Low severity alert in OWASP ZAP, effectively telling you that the X-XSS-Protection header is missing in the server response. You can easily add this header to your responses using an iRule like this:
when HTTP_RESPONSE {
    # Add the X-XSS-Protection header to every response sent to the client
    HTTP::header insert "X-XSS-Protection" "1; mode=block"
}