Tecadmin published a tutorial about securing Apache from cross-site scripting.
X-XSS-Protection - Secure Apache from Cross-Site Scripting – TecAdmin
Cross-Site Scripting (Also known as XSS) is a client-side attack by injecting malicious scripts to the web application. After that your application will be the carrier of the malicious scripts to reach the other users browser. In that case, the other user’s browser will understand the malicious scripts served from a trusted sources and will execute the script.
X-XSS-Protection - Secure Apache from Cross-Site Scripting – TecAdmin