As per our requirement we have to set X-XSS-Protection: 1, so that we can force the xss protection. I am not sure how to implement this. The security policy hold one section to set this but unfortunately that part is invisible from the user rule form(Rule-Access-CSP.pzPolicyDefinition) with a visible condition(1==2)
Second way can be from prconfig, if there is any tag, Not sure of the tag name.
Thanks for posting your question here in the PDN forums. Not sure if you're aware but we have a new Product Support Community that just went live! I would like to invite you to post your question there. That will be the best place moving forward for you to receive assistance.
Hope to see you there!
Marissa | Online Community Moderator | Pegasystems Inc.