Issue: Missing "XSS-Protection" header

Description:

Missing the X-XSS-Protection header means that this website could be at risk of Cross-site Scripting (XSS) attacks.

Remediation:

This issue can be mitigated in ZIETrans applications by setting "X-XSS-Protection".

However, this header is deprecated, and support for it has been removed from most browsers. Add the following filter and filter-mapping to web.xml for added protection against XSS attacks:

<filter>
	<filter-name>XSS-Filter</filter-name>
	<filter-class>com.ibm.hats.runtime.filters.ZIETransXSSFilter</filter-class>
</filter>

<filter-mapping>
	<filter-name>XSS-Filter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
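
A deployment check for the configuration above, as an added example that is not part of the original page or of ZIETrans: it parses a web.xml and reports whether the filter class is declared and whether a mapping with a matching filter-name covers /*. The function name check_xss_filter and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FILTER_CLASS = "com.ibm.hats.runtime.filters.ZIETransXSSFilter"  # class name from the page

def _local(tag):
    """Strip an XML namespace so the check works with or without xmlns on <web-app>."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem, name):
    """Trimmed text of the first child called `name`, or '' if absent."""
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def check_xss_filter(web_xml):
    """Return a list of problems; an empty list means the filter is declared and mapped to /*."""
    root = ET.fromstring(web_xml)
    # Names under which the ZIETrans filter class is declared (whitespace-tolerant).
    names = {_text(f, "filter-name") for f in _children(root, "filter")
             if _text(f, "filter-class") == FILTER_CLASS}
    if not names:
        return ["no <filter> declares " + FILTER_CLASS]
    # URL patterns of every mapping whose filter-name matches a declared name.
    patterns = {(p.text or "").strip()
                for m in _children(root, "filter-mapping")
                if _text(m, "filter-name") in names
                for p in _children(m, "url-pattern")}
    if not patterns:
        return ["no <filter-mapping> with a <url-pattern> references the filter"]
    if "/*" not in patterns:
        return ["filter is mapped only to %s, not /*" % sorted(patterns)]
    return []

# Constructed sample descriptors (not from a real application).
GOOD = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter><filter-name>XSS-Filter</filter-name>
    <filter-class>
        com.ibm.hats.runtime.filters.ZIETransXSSFilter
    </filter-class></filter>
  <filter-mapping><filter-name>XSS-Filter</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""
BAD_NAME = GOOD.replace("<filter-mapping><filter-name>XSS-Filter",
                        "<filter-mapping><filter-name>XSSFilter")
NARROW = GOOD.replace("<url-pattern>/*<", "<url-pattern>/entry<")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad-name", BAD_NAME), ("narrow", NARROW)):
        print(label, check_xss_filter(doc) or "OK")
```

The check reads only `<url-pattern>` mappings in the single descriptor it is given; mappings by servlet name or in web fragments are outside what it inspects.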

Refer to the link below for more information about enabling XSS protection:

Enable XSS Protection