nginxUsing x-xss-protection header

server {
  add_header X-XSS-Protection "1; mode=block";
}ctrl + cyoutubegithub

`server {` virtual server configuration block	`add_header` sets specified header
`X-XSS-Protection` controls if XSS protection should be additionally enabled/disabled in browser	`1; mode=block` enables browser XSS check and ensures insecure pages will not be loaded