Verify if cross-site scripting vulnerability protection is enabled in your site’s HTTP response headers.
If using Apache, Nginx, IIS then you may refer this guide. Alternatively, if using cloud-based security provider service like SUCURI, then you can get it enabled through custom rules.
Once you are done with the header implementation, use this XSS header test tool to verify.