# /etc/apache2/conf-available/xss-filtering.conf

<IfModule mod_headers.c>
	Header always set X-XSS-Protection "1; mode=block"
</IfModule>