Sets the HTTP header X-XSS-Protection: 1; mode=block on all requests to enable automatic XSS blocking by web browsers that implement this feature. Web browsers typically interpret the lack of this header as using the value 1 which will sanitize suspected cross-site scripting attacks as opposed to fully blocking them.