https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206941#M5935 <P>Hi Jeremiah,</P> <P>Yes, correct</P> Mon, 13 Jun 2016 15:19:14 GMT splunk_kk 2016-06-13T15:19:14Z https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206939#M5933 <P>Hello Team,</P> <P>I am quite new here. Just wanted to know that where can we configure X-XSS-Protection security header in Splunk?</P> Sun, 12 Jun 2016 03:09:08 GMT https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206939#M5933 splunk_kk 2016-06-12T03:09:08Z https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206940#M5934 <P>Do you mean that you want to add the header to Splunk Web, so that the server sends that header to client browsers?</P> Mon, 13 Jun 2016 15:13:03 GMT https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206940#M5934 Jeremiah 2016-06-13T15:13:03Z https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206941#M5935 <P>Hi Jeremiah,</P> <P>Yes, correct</P> Mon, 13 Jun 2016 15:19:14 GMT https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206941#M5935 splunk_kk 2016-06-13T15:19:14Z https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206942#M5936 <P>Starting in Splunk 6.6 (released today) you can add custom HTTP response headers by setting replyHeader.NAME=VALUE in web.conf. See the web.conf.spec file for details.</P> <P>This setting <STRONG>isn't</STRONG> available if you're running in the deprecated legacy appserver mode (i.e. appServerPorts=0) Hopefully nobody is still doing that, though.</P> Tue, 02 May 2017 15:48:33 GMT https://community.splunk.com/t5/Security/Configuring-X-XSS-Protection-security-header/m-p/206942#M5936 mitch_1 2017-05-02T15:48:33Z