diff --git a/source/java/org/alfresco/web/app/servlet/UploadFileServlet.java b/source/java/org/alfresco/web/app/servlet/UploadFileServlet.java
index 9fb6513aae..42c51b94f6 100644
--- a/source/java/org/alfresco/web/app/servlet/UploadFileServlet.java
+++ b/source/java/org/alfresco/web/app/servlet/UploadFileServlet.java
@@ -187,6 +187,8 @@ public class UploadFileServlet extends BaseServlet
             }
             response.setContentType(MimetypeMap.MIMETYPE_HTML);
             response.setCharacterEncoding("utf-8");
+            // work-around for WebKit protection against embedded javascript on POST body response
+            response.setHeader("X-XSS-Protection", "0");
             final PrintWriter out = response.getWriter();
             out.println("<html><body><script type=\"text/javascript\">");
             out.println(returnPage);