From 41089bfb080fd27d8b5152a74bd15a372387675e Mon Sep 17 00:00:00 2001
From: jameskimmel <17176225+jameskimmel@users.noreply.github.com>
Date: Mon, 7 Oct 2024 20:16:56 +0200
Subject: [PATCH] remove X-XSS-Protection (#1151)

why is this line not removed, when it is dangerous and obsolete? According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection, we should remove it.
---
 docs/general/networking/nginx.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/docs/general/networking/nginx.md b/docs/general/networking/nginx.md
index b6905a11..f255cf5b 100644
--- a/docs/general/networking/nginx.md
+++ b/docs/general/networking/nginx.md
@@ -58,7 +58,6 @@ server {
 # Security / XSS Mitigation Headers
 # NOTE: X-Frame-Options may cause issues with the webOS app
 add_header X-Frame-Options "SAMEORIGIN";
- add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
 add_header X-Content-Type-Options "nosniff";
 # Permissions policy. May cause issues with some clients