diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
index df1fb7440..6166d1cf9 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/admin/SparqlQueryController.java
@@ -96,6 +96,7 @@ public class SparqlQueryController extends FreemarkerHttpServlet {
 SimplePermission.USE_SPARQL_QUERY_PAGE.ACTION)) {
 return;
 }
+ resp.addHeader("X-XSS-Protection", "0");
 if (req.getParameterMap().containsKey("query")) {
 respondToQuery(req, resp);
 } else {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
index d132585fe..f7a4ce851 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java
@@ -106,7 +106,10 @@ public class JenaExportController extends BaseEditController {
 String formatParam = vreq.getParameter("format");
 String subgraphParam = vreq.getParameter("subgraph");
 String assertedOrInferredParam = vreq.getParameter("assertedOrInferred");
- StringBuilder ontologyURI = new StringBuilder(vreq.getParameter("ontologyURI"));
+ StringBuilder ontologyURI = new StringBuilder();
+ if (vreq.getParameter("ontologyURI") != null) {
+ ontologyURI.append(vreq.getParameter("ontologyURI"));
+ }
 Model model = null;
 OntModel ontModel = ModelFactory.createOntologyModel();
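Review bot: `addHeader` appends a value instead of replacing one, so if a filter or container setting upstream already emits `X-XSS-Protection` (not visible in this hunk) the response carries two conflicting values and which one the browser honours is not guaranteed; `resp.setHeader("X-XSS-Protection", "0");` makes the result deterministic. The added line also has no comment saying why the auditor is switched off on this page. Presumably it is because submitted SPARQL contains `<IRI>` tokens that legacy auditors misread as reflected markup, and a one-line comment such as `// Legacy XSS auditors mangle pages that echo SPARQL containing <IRI>; rely on output escaping instead` would record that. With the auditor disabled, escaping of the `query` value wherever the page echoes it back is the only barrier, so that should be confirmed in the template and in `respondToQuery`. The enclosing method begins and ends outside the hunk.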
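Review bot: The new guard prevents the NullPointerException from `new StringBuilder(null)` but leaves `ontologyURI` empty, and the code that consumes it lies outside the hunk, so it is not visible whether a missing parameter is rejected or quietly selects a different, possibly broader, export. An explicit check at the point where the subgraph is chosen would make a request without `ontologyURI` fail in a defined way. The parameter is also looked up twice; reading it once, `String ontologyUriParam = vreq.getParameter("ontologyURI");` followed by `StringBuilder ontologyURI = new StringBuilder(ontologyUriParam == null ? "" : ontologyUriParam);`, is shorter and keeps the test and the use on the same value. The method body continues past the end of the hunk.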