Hi all, I am looking for a way to add the X-XSS-Protection header (*) to the response from Tomcat.
I am currently using the Tomcat's HttpHeaderSecurityFilter that allows to setup other useful security related headers but it doesn't seem to support the X-XSS-Protection header (**). Do you think that HttpHeaderSecurityFilter should be enhanced to support this (I could provide a patch for this)? Is there another way? Thanks in advance, Jacopo (*) https://www.owasp.org/index.php/List_of_useful_HTTP_headers (**) https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html