Could the X-Xss-Protection HTTP header please be added?

Hi, I was wondering if the X-Xss-Protection HTTP header could please be supported by Cloudflare, like how other headers like HSTS are supported? It would help make websites more secure by having it enabled (eg, being able to force it on everything, or for hosts that don’t support/allow adding HTTP headers).


Until such a time this becomes a feature (I can’t see it myself to be honest), you could add it yourself using a Cloudflare Worker, albiet at a cost.

This topic was automatically closed after 14 days. New replies are no longer allowed.