diff --git a/server/server.go b/server/server.go
index 2cd04e803f..caaa774a01 100644
--- a/server/server.go
+++ b/server/server.go
@@ -833,6 +833,7 @@ func (server *ArgoCDServer) newStaticAssetsHandler(dir string, baseHRef string)
 if server.XFrameOptions != "" {
 w.Header().Set("X-Frame-Options", server.XFrameOptions)
 }
+ w.Header().Set("X-XSS-Protection", "1")
 // serve index.html for non file requests to support HTML5 History API
 if acceptHTML && !fileRequest && (r.Method == "GET" || r.Method == "HEAD") {
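Review bot: The value `"1"` on the added `w.Header().Set("X-XSS-Protection", "1")` line turns on the legacy browser XSS filter in sanitising mode, where the filter rewrites the page instead of blocking it, and that rewriting has itself been a source of bypasses and cross-site leaks in the browsers that shipped the auditor. Current browsers ignore the header, so real XSS mitigation here has to come from a Content-Security-Policy; for the header itself, prefer `w.Header().Set("X-XSS-Protection", "0")` (current OWASP guidance) or, if old browsers must be covered, `"1; mode=block"`. Unlike the `X-Frame-Options` header just above, which is driven by `server.XFrameOptions`, this value is hard-coded, so operators cannot change or disable it, and a one-line comment stating the intended browser coverage would help. The handler body begins and ends outside this hunk, so whether a CSP is already set elsewhere is not visible here.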