This site was built to compliment the existing NetSuite Professionals Slack Community by adding a means for members to easily find answers to common questions and to create a searchable database of those questions and answers.

NetSuite Professionals

Does anyone know how to implement a X-XSS-Protection Header on a Netsuite website?

I am not a security expert but I believe we addressed potential issues that such a header would protect against in SC/A 2020.1.4. Sites older than that can use the following patch: <https://system.netsuite.com/app/help/helpcenter.nl?fid=section_159061403898.html>

Anyway, `response.addHeader`  in your SSP should be the way forward, but you should check the SS documentation for that. I think only certain headers are allowed.