Place below code to .htaccess file

<IfModule mod_headers.c>
 Header set X-XSS-Protection "0; mode=block"
</IfModule>

Rule Cheatsheet:

X-XSS-Protection: 0
X-XSS-Protection: 1
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; report=

0 Disables XSS filtering.

1 Enables XSS filtering (usually default in browsers).

If a cross-site scripting attack is detected, the browser will sanitize the page (remove the unsafe parts).

1;mode=block

Enables XSS filtering. Rather than sanitizing the page, the browser will prevent rendering of the page if an attack is detected.

1; report= (Chromium only)

Enables XSS filtering. If a cross-site scripting attack is detected, the browser will sanitize the page and report the violation. This uses the functionality of the CSP report-uri directive to send a report.