# -*- mode: apache; coding: utf-8 -*-

# Requires mod_setenvif and mod_headers to be loaded.

# Use SetEnvIf instead of SetEnv to ensure the variable is set during
# early request processing.
SetEnvIf Request_Method . CSP_REFLECTED-XSS=block

Header always set X-XSS-Protection: "1; mode=block"
