You can add:
Header always set X-XSS-Protection "1; mode=block"
which will help – but the rest you need to look at the way you code your pages.
Then you can look at
(1) defensive code
(2) Content-Security-Policy header
(3) Specific rules in Apache to mitigate attacks
Remembering that XSS is often a vector for other attacks.
From: Thejas Hl <thejashl013@xxxxxxxxx>
Sent: 16 July 2021 06:31
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] query regarding httpd server [EXT]
Hello team,
Is xss attack internally taken care by httpd apache server if yes kindly share the steps to activate for protection against such attack.
--
The Wellcome Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
