This header allows the browser to stop pages from loading when they detect Cross Site scripting attacks. We can add this middleware in the Configure method of the Startup class, as follows:

app.UseXXssProtection(options => options.EnabledWithBlockMode());