diff --git a/src/backend/app.js b/src/backend/app.js
index 59802755..3b852cd4 100644
--- a/src/backend/app.js
+++ b/src/backend/app.js
@@ -48,7 +48,7 @@ app.use(function (req, res, next) {
 
     res.set({
         'Strict-Transport-Security': 'includeSubDomains; max-age=631138519; preload',
-        'X-XSS-Protection':          '0',
+        'X-XSS-Protection':          '1; mode=block',
         'X-Content-Type-Options':    'nosniff',
         'X-Frame-Options':           x_frame_options,
         'Cache-Control':             'no-cache, no-store, max-age=0, must-revalidate',