From 3645d207cfbd2596ba86ef83394894ee7ae24df7 Mon Sep 17 00:00:00 2001
From: Reed Loden
Date: Wed, 12 Sep 2012 16:53:45 -0700
Subject: [PATCH] Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking [r=mkanat a=LpSolit]

---
 Bugzilla/CGI.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index a16ae66865..4dd223a310 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -316,6 +316,10 @@ sub header {
 unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
 }
 
+ # Add X-XSS-Protection header to prevent simple XSS attacks
+ # and enforce the blocking (rather than the rewriting) mode.
+ unshift(@_, '-x_xss_protection' => '1; mode=block');
+
 # Add X-Content-Type-Options header to prevent browsers sniffing
 # the MIME type away from the declared Content-Type.
 unshift(@_, '-x_content_type_options' => 'nosniff');
-- 
2.47.3
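Review bot: The added `unshift(@_, '-x_xss_protection' => '1; mode=block')` is sent unconditionally and the comment above it overstates what the header buys: it only has effect in browsers that ship a reflected-XSS filter, and the filter's behaviour differs by vendor, so it is a defense-in-depth measure rather than a control the application can rely on. I would extend the comment to say so, e.g. `# Defense-in-depth only: relies on the browser's XSS filter, which not every browser has; output escaping remains the primary control.` It is also worth noting in the comment why `mode=block` is chosen over the default, which is that a detected page is not rendered at all rather than partially rewritten. Unlike the `-x_frame_options` header guarded by the `if` just above, nothing gates this header per response, which seems intended but is worth a word in the comment. The enclosing `sub header` starts and ends outside the hunk.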